CVE-2023-6269

CRITICAL

Atos Unify OpenScape <V10 R3.4.0, V10R10.12.00, V10R11.05.02 - Comm...

Title source: llm
STIX 2.1

Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

References (4)

Scores

CVSS v3 10.0
EPSS 0.0046
EPSS Percentile 64.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-88
Status published
Products (3)
atos/unify_openscape_bcf 10 - 10r10.12.00
atos/unify_openscape_branch 10 - 10r3.4.0
atos/unify_openscape_session_border_controller 10 - 10r3.4.0
Published Dec 05, 2023
Tracked Since Feb 18, 2026