Atos Unify Vulnerabilities Let Attacker Execute Remote Code
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Two vulnerabilities have been identified on three Atos Unify OpenScape products, SBC, Branch, and BCF, which are associated with Missing authentication and Authenticated Remote code execution.
One of the vulnerabilities allows threat actors to execute arbitrary operating system commands as root users, while the other allows them to access and execute various configuration scripts. However, these vulnerabilities have been fixed by Unify.
The National Vulnerability Database (NVD) has not yet confirmed the severity score and vector.
Authenticated Remote Code Execution (CVE-2023-36618)
This vulnerability exists on the administrative web application API, which has improper validation of inputs by an authenticated user. This allows a threat actor to execute arbitrary PHP functions, eventually executing operating system-level commands with root privileges.
In order to exploit this vulnerability, a threat actor must have a low-privileged ReadOnly role as a prerequisite. Applications that were found to be vulnerable to this vulnerability have been built with functions that call callMainFunction, which takes care of processing the POST data.
📁🄳🄾🄲🅄🄼🄴🄽🅃
callMainFunction in /srv/www/htdocs/core/CoreAPI.php calls arbitrary functions and checks for forbidden functions with the help of cfgUtilCheckMethod located at /srv/www/htdocs/core/cfgUtil.php.
This cfgUtil.php file uses several functions like cfgUtilExecute, cfgUtilShellExec, and especially cfgUtilShellExecSudo, cfgUtilSetPermExecSudo, and cfgUtilExecSudo which a threat actor can utilize to execute root commands on the affected appliance.
Missing Authentication (CVE-2023-36619)
Several PHP scripts were found to have zero authentication for execution. These scripts also perform several functions, like the start.php file configures and starts the appliance. The scripts identified include,
Vulnerable Products and Fixed in Version
Vulnerable Products Version Fixed in Version Impact Atos Unify OpenScape Session Border ControllerOpenScape SBC before V10 R3.3.0 OpenScape SBC V10 >=R3.3.0 CriticalAtos Unify OpenScape BranchOpenScape Branch V10 before V10 R3.3.0 OpenScape Branch V10 >=R3.3.0 Atos Unify OpenScape BCFOpenScape BCF V10 before V10 R10.10.0OpenScape BCF V10 >=R10.10.0
Users of these products are recommended to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Atos Unify Vulnerabilities Let Attacker Execute Remote Code
Author: GuruTwo vulnerabilities have been identified on three Atos Unify OpenScape products, SBC, Branch, and BCF, which are associated with Missing authentication and Authenticated Remote code execution.
One of the vulnerabilities allows threat actors to execute arbitrary operating system commands as root users, while the other allows them to access and execute various configuration scripts. However, these vulnerabilities have been fixed by Unify.
The National Vulnerability Database (NVD) has not yet confirmed the severity score and vector.
Authenticated Remote Code Execution (CVE-2023-36618)
This vulnerability exists on the administrative web application API, which has improper validation of inputs by an authenticated user. This allows a threat actor to execute arbitrary PHP functions, eventually executing operating system-level commands with root privileges.
In order to exploit this vulnerability, a threat actor must have a low-privileged ReadOnly role as a prerequisite. Applications that were found to be vulnerable to this vulnerability have been built with functions that call callMainFunction, which takes care of processing the POST data.
📁🄳🄾🄲🅄🄼🄴🄽🅃
callMainFunction in /srv/www/htdocs/core/CoreAPI.php calls arbitrary functions and checks for forbidden functions with the help of cfgUtilCheckMethod located at /srv/www/htdocs/core/cfgUtil.php.
This cfgUtil.php file uses several functions like cfgUtilExecute, cfgUtilShellExec, and especially cfgUtilShellExecSudo, cfgUtilSetPermExecSudo, and cfgUtilExecSudo which a threat actor can utilize to execute root commands on the affected appliance.
Missing Authentication (CVE-2023-36619)
Several PHP scripts were found to have zero authentication for execution. These scripts also perform several functions, like the start.php file configures and starts the appliance. The scripts identified include,
- hostname/core/configuringInBackground.php
- hostname/core/downloadProfiles.php
- hostname/core/hello_world.php
- hostname/core/scripts/applyZooServerData.php
- hostname/core/scripts/cfgGenUpdateSSPStatusTable.php
- hostname/core/scripts/checkcardsDbHw.php
- hostname/core/scripts/config1.php
- hostname/core/scripts/recover.php
- hostname/core/scripts/start.php
- hostname/core/scripts/startPre.php
- hostname/core/shutdown.php
- hostname/data/sipLbInfo.php
- hostname/data/turnInfo.php
Vulnerable Products and Fixed in Version
Vulnerable Products Version Fixed in Version Impact Atos Unify OpenScape Session Border ControllerOpenScape SBC before V10 R3.3.0 OpenScape SBC V10 >=R3.3.0 CriticalAtos Unify OpenScape BranchOpenScape Branch V10 before V10 R3.3.0 OpenScape Branch V10 >=R3.3.0 Atos Unify OpenScape BCFOpenScape BCF V10 before V10 R10.10.0OpenScape BCF V10 >=R10.10.0
Users of these products are recommended to upgrade to the latest versions to prevent these vulnerabilities from getting exploited by threat actors.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
