CVE-2023-28503

CRITICAL

Rocket Software UniData <8.2.4-11.3.5-12.2.1 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-28503. PoCs published by Ron Bowes, including Metasploit module exploits/linux/misc/unidata_udadmin_auth_bypass.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass vulnerability in Rocket Software UniData's udadmin_server (CVE-2023-28503) by leveraging a special username ':local:' and a crafted password to execute arbitrary commands as root.

Description

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Ron Bowes · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/unidata_udadmin_auth_bypass.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass vulnerability in Rocket Software UniData's udadmin_server (CVE-2023-28503) by leveraging a special username ':local:' and a crafted password to execute arbitrary commands as root.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Rocket Software UniData udadmin_server < 8.2.4 build 3003

No auth needed

Prerequisites: Network access to the target service (default port 31438) · Valid Linux username and UID on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html

Third Party Advisory third-party-advisory

https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Scores

CVSS v3 9.8

EPSS 0.7232

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-287 CWE-798

Status published

Products (2)

rocketsoftware/unidata < 8.2.4

rocketsoftware/universe < 11.3.5

Published Mar 29, 2023

Tracked Since Feb 18, 2026