CVE-2021-43394
📋 TL;DR
This vulnerability allows attackers to bypass LDAP authentication in Unisys OS 2200 Messaging Integration Services due to improper password validation. Attackers could gain unauthorized access to systems running affected versions. Organizations using Unisys OS 2200 NTSI versions 7R3B IC3/IC4, 7R3C, or 7R3D are affected.
💻 Affected Systems
- Unisys OS 2200 Messaging Integration Services (NTSI)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to access sensitive data, execute arbitrary code, and pivot to other systems in the network.
Likely Case
Unauthorized access to messaging services, potential data exfiltration, and privilege escalation within the affected system.
If Mitigated
Limited impact with proper network segmentation, monitoring, and authentication controls in place.
🎯 Exploit Status
Authentication bypass vulnerabilities typically have low exploitation complexity once the vulnerability is understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Contact Unisys support for specific patch information
Vendor Advisory: https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=66
Restart Required: Yes
Instructions:
1. Contact Unisys support for appropriate patches. 2. Apply patches following Unisys documentation. 3. Restart affected services. 4. Verify LDAP authentication is functioning correctly.
🔧 Temporary Workarounds
Network Segmentation
allIsolate affected systems from untrusted networks and limit access to authorized users only.
Enhanced Monitoring
allImplement strict monitoring of authentication attempts and LDAP queries on affected systems.
🧯 If You Can't Patch
- Implement network-level authentication controls (firewall rules, VPN access only)
- Deploy additional authentication layers (multi-factor authentication, certificate-based auth)
🔍 How to Verify
Check if Vulnerable:
Check NTSI version using Unisys administrative tools and compare against affected versions.Check Version:
Use Unisys OS 2200 system administration commands specific to NTSI version checking.Verify Fix Applied:
Test LDAP authentication with invalid credentials to ensure proper validation occurs.📡 Detection & Monitoring
Log Indicators:
- Failed LDAP authentication attempts followed by successful access
- Unusual authentication patterns
- LDAP query errors
Network Indicators:
- Unexpected connections to NTSI services
- LDAP traffic from unauthorized sources
SIEM Query:
source="ntsi" AND (event_type="authentication" AND result="success") AND (previous_event="authentication_failure" within 5 minutes)