Atos Unify Vulnerabilities Let Attacker Execute Remote Code

by Esmeralda McKenzie

Two vulnerabilities have been identified in three Atos Unify OpenScape products, SBC, Branch, and BCF, which are related to Missing Authentication and Authenticated Remote Code Execution.

One of the vulnerabilities allows threat actors to execute arbitrary operating system commands as the root user, while the other allows them to access and execute various configuration scripts. However, these vulnerabilities have been fixed by Unify.

The National Vulnerability Database (NVD) has not yet confirmed the severity rating and vector.

Authenticated Remote Code Execution (CVE-2023-36618)

This vulnerability exists in the administrative web application API, which improperly validates input from an authenticated user. This allows a threat actor to execute arbitrary PHP functions, ultimately executing operating system-level commands with root privileges.

In order to exploit this vulnerability, a threat actor must have a low-privileged ReadOnly role as a prerequisite. The functions that were found to be vulnerable were built with functions that call callMainFunction, which takes care of processing the POST data.

callMainFunction in /srv/www/htdocs/core/CoreAPI.php calls arbitrary functions and checks for forbidden functions with the help of cfgUtilCheckMethod, located in /srv/www/htdocs/core/cfgUtil.php.

This cfgUtil.php file uses several functions like cfgUtilExecute, cfgUtilShellExec, and especially cfgUtilShellExecSudo, cfgUtilSetPermExecSudo, and cfgUtilExecSudo, which a threat actor can take advantage of to execute root commands on the affected appliance.

Missing Authentication (CVE-2023-36619)

Several PHP scripts were found to require no authentication for execution. These scripts also perform several functions; for example, the start.php file configures and starts the application. The scripts identified include:

  • hostname/core/configuringInBackground.php
  • hostname/core/downloadProfiles.php
  • hostname/core/hello_world.php
  • hostname/core/scripts/applyZooServerData.php
  • hostname/core/scripts/cfgGenUpdateSSPStatusTable.php
  • hostname/core/scripts/checkcardsDbHw.php
  • hostname/core/scripts/config1.php
  • hostname/core/scripts/recover.php
  • hostname/core/scripts/start.php
  • hostname/core/scripts/startPre.php
  • hostname/core/shutdown.php
  • hostname/info/sipLbInfo.php
  • hostname/info/turnInfo.php
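
A defender can check web access logs for requests to the scripts listed above. The following is an added example, not code from the original article or from Unify; it assumes access logs in Apache/nginx "combined" format, and the names WATCHED, normalize and find_hits as well as the sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Script paths taken from the list above, relative to the web root.
WATCHED = {
    "/core/configuringInBackground.php", "/core/downloadProfiles.php",
    "/core/hello_world.php", "/core/scripts/applyZooServerData.php",
    "/core/scripts/cfgGenUpdateSSPStatusTable.php",
    "/core/scripts/checkcardsDbHw.php", "/core/scripts/config1.php",
    "/core/scripts/recover.php", "/core/scripts/start.php",
    "/core/scripts/startPre.php", "/core/shutdown.php",
    "/info/sipLbInfo.php", "/info/turnInfo.php",
}

# Assumption: access logs are in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, percent-decode, and collapse //, ./ and ../ segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def find_hits(lines):
    """Map client IP -> [(timestamp, method, path, status)] for watched scripts."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize(m["target"]) in WATCHED:
            hits[m["ip"]].append(
                (m["ts"], m["method"], normalize(m["target"]), int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2023:10:00:01 +0000] "GET /core/hello_world.php HTTP/1.1" 200 12 "-" "curl/8.0"',
    '192.0.2.10 - - [10/Aug/2023:10:00:05 +0000] "POST /core//scripts/%73tart.php?x=1 HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - admin [10/Aug/2023:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Aug/2023:10:02:00 +0000] "GET /info/turnInfo.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, rows in find_hits(SAMPLE_LOG).items():
        for ts, method, path, status in rows:
            print(f"{ip} {ts} {method} {path} -> {status}")
```

The status code is reported so that successful responses to these paths can be triaged first.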

Affected Products and Fixed in Version

| Affected Products | Version | Fixed in Version | Impact |
| --- | --- | --- | --- |
| Atos Unify OpenScape Session Border Controller | OpenScape SBC before V10 R3.3.0 | OpenScape SBC V10 >=R3.3.0 | Critical |
| Atos Unify OpenScape Branch | OpenScape Branch V10 before V10 R3.3.0 | OpenScape Branch V10 >=R3.3.0 | |
| Atos Unify OpenScape BCF | OpenScape BCF V10 before V10 R10.10.0 | OpenScape BCF V10 >=R10.10.0 | |

Users of these products are advised to upgrade to the latest versions to prevent these vulnerabilities from being exploited by threat actors.

Source credit : cybersecuritynews.com
