CVE-2022-21382

CVSS Base Score: 7.7 HIGH

📋 TL;DR

This vulnerability in Oracle Enterprise Session Border Controller's WebUI allows authenticated attackers with low privileges to modify or delete critical data via HTTP requests. It affects versions 8.4 and 9.0 of the product, and successful exploitation could impact other connected systems due to its scope-changing nature.

💻 Affected Systems

Products:
  • Oracle Enterprise Session Border Controller
Versions: 8.4 and 9.0
Operating Systems: Not specified - appliance-based product
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access to the WebUI interface and low-privilege credentials. The vulnerability's scope-changing nature means it could affect additional products beyond the ESBC itself.

📦 What is this software?

Oracle Enterprise Session Border Controller (ESBC) is a network appliance deployed at the edge of a voice network to control SIP signaling and media between VoIP domains (call admission, routing, NAT traversal). Its WebUI is the browser-based management interface used to view and change the appliance's configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate critical configuration data, disrupt communications services, or compromise integrity of connected systems, potentially causing service outages or unauthorized access to other network components.

🟠 Likely Case

Privileged insiders or compromised low-privilege accounts could modify session border controller configurations, potentially disrupting VoIP services or altering call routing rules.

🟢 If Mitigated

With proper network segmentation and strict access controls, the impact would be limited to the affected Oracle ESBC instance and would not spread to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes the vulnerability as 'easily exploitable', but it requires authenticated access to the WebUI. No public exploit code had been identified as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle's January 2022 Critical Patch Update

Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2022.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Oracle Support.
2. Apply the patch following Oracle's ESBC patching procedures.
3. Restart the ESBC services as required.
4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Access Restriction

Applies to: all

Restrict network access to the ESBC WebUI to trusted administrative networks only.

# Firewall rules on the device in front of the WebUI (example; 192.0.2.0/24 is a placeholder for your admin network).
# Allow HTTPS to the WebUI from the trusted admin network, then drop everything else to that port.
iptables -A INPUT -p tcp --dport 443 -s 192.0.2.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Privilege Reduction

Applies to: all

Review the low-privilege user accounts that have WebUI access and remove any that are not needed.

# Review user accounts via ESBC CLI
show users
# Remove unnecessary low-privilege accounts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the ESBC from other critical systems
  • Enable detailed logging and monitoring of all WebUI access and configuration changes

🔍 How to Verify

Check if Vulnerable:

Check the ESBC version via the CLI ('show version') and confirm whether it is running 8.4 or 9.0.

Check Version:

show version

Verify Fix Applied:

Confirm the patch was applied via 'show version' and check the patch status against Oracle's documentation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual WebUI login patterns
  • Configuration changes from non-admin accounts
  • Multiple failed login attempts followed by successful access

Network Indicators:

  • HTTP requests to WebUI from unexpected source IPs
  • Unusual traffic patterns to ESBC management interface

SIEM Query:

source="oracle_esbc" AND (event_type="config_change" OR event_type="user_login") AND user_privilege="low"
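The three log indicators and the "unexpected source IP" network indicator above can be checked outside a SIEM as well. The following added example (not part of the original page, and not Oracle code) runs that detection logic over a few constructed log lines; the key=value line format, the field names (src, user, priv, event, result) and the admin network 192.0.2.0/24 are assumptions made for the example and do not reflect the ESBC's real syslog layout.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample WebUI audit lines in a hypothetical key=value format (not the ESBC's real log layout).
SAMPLE_LOGS = """\
2022-01-20T10:00:01Z esbc-1 webui src=192.0.2.10 user=admin priv=admin event=login result=success
2022-01-20T10:00:05Z esbc-1 webui src=192.0.2.10 user=admin priv=admin event=config_change object=session-router result=success
2022-01-20T10:05:00Z esbc-1 webui src=198.51.100.7 user=helpdesk priv=low event=login result=fail
2022-01-20T10:05:04Z esbc-1 webui src=198.51.100.7 user=helpdesk priv=low event=login result=fail
2022-01-20T10:05:09Z esbc-1 webui src=198.51.100.7 user=helpdesk priv=low event=login result=fail
2022-01-20T10:05:15Z esbc-1 webui src=198.51.100.7 user=helpdesk priv=low event=login result=success
2022-01-20T10:06:30Z esbc-1 webui src=198.51.100.7 user=helpdesk priv=low event=config_change object=local-policy result=success
2022-01-20T10:07:00Z esbc-1 webui src=192.0.2.11 user=viewer priv=low event=login result=success
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a WebUI event."""
    parts = line.split(" ", 3)
    if len(parts) < 4 or parts[2] != "webui":
        return None
    rec = dict(KV_RE.findall(parts[3]))
    rec["ts"] = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    rec["host"] = parts[1]
    return rec


def detect(lines, admin_nets, fail_threshold=3, window=timedelta(minutes=5)):
    """Apply the page's indicators to a sequence of log lines and return a list of alert dicts."""
    nets = [ipaddress.ip_network(n) for n in admin_nets]
    alerts = []
    recent_fails = defaultdict(list)  # (user, src) -> timestamps of recent failed logins
    seen_untrusted = set()            # source IPs already reported as outside the admin networks

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        user, src, event, result = rec.get("user"), rec.get("src"), rec.get("event"), rec.get("result")
        base = {"user": user, "src": src, "ts": rec["ts"]}

        # Network indicator: any WebUI request from a source outside the trusted admin networks (reported once per IP).
        if src and src not in seen_untrusted and not any(ipaddress.ip_address(src) in n for n in nets):
            seen_untrusted.add(src)
            alerts.append({"rule": "untrusted_source", **base})

        # Log indicator: configuration change made by a non-admin account.
        if event == "config_change" and rec.get("priv") != "admin":
            alerts.append({"rule": "low_priv_config_change", "object": rec.get("object"), **base})

        # Log indicator: a burst of failed logins followed by a successful login for the same user/source.
        if event == "login":
            key = (user, src)
            if result == "fail":
                recent_fails[key].append(rec["ts"])
            elif result == "success":
                fails = [t for t in recent_fails[key] if rec["ts"] - t <= window]
                if len(fails) >= fail_threshold:
                    alerts.append({"rule": "failed_then_success", "fail_count": len(fails), **base})
                recent_fails[key].clear()
    return alerts


def run_sample():
    """Run the detector over the constructed sample with 192.0.2.0/24 as the only admin network."""
    return detect(SAMPLE_LOGS.splitlines(), ["192.0.2.0/24"])


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The failed-then-success rule is keyed on (user, source) and only counts failures inside the window, so a single stale failure from the previous day does not trigger it; the untrusted-source rule is reported once per IP to keep a noisy scanner from producing one alert per request. On the sample above the detector raises three alerts: the untrusted source 198.51.100.7, the three failed logins followed by success for helpdesk, and the configuration change made by that low-privilege account.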

