CVE-2022-36444 – This is a remote code execution vulnerability i... (How to Fix)

Q: What is the severity of CVE-2022-36444?

CVE-2022-36444 has a CVSS score of 8.6 (HIGH). This is a remote code execution vulnerability in Atos Unify OpenScape products that allows unauthenticated attackers with network access to the admin interface to execute arbitrary code. It affects OpenScape SBC, Branch, and BCF systems, potentially compromising confidentiality, integrity, and availability.

📋 TL;DR

This is a remote code execution vulnerability in Atos Unify OpenScape products that allows unauthenticated attackers with network access to the admin interface to execute arbitrary code. It affects OpenScape SBC, Branch, and BCF systems, potentially compromising confidentiality, integrity, and availability.

💻 Affected Systems

Products:

Atos Unify OpenScape SBC
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF

Versions: OpenScape SBC 9 and 10 before 10R2.2.1; OpenScape Branch 9 and 10 before 10R2.1.1; OpenScape BCF 10 before 10R9.12.1

Operating Systems: Proprietary

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires network access to admin interface. Default configurations typically expose admin interfaces.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code, steal sensitive data, disrupt communications, and maintain persistent access.

🟠

Likely Case

System disruption and potential data exfiltration leading to service downtime and information disclosure.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized access to admin interfaces.

🌐 Internet-Facing: HIGH - Admin interfaces exposed to internet are directly vulnerable to unauthenticated attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability allows unauthenticated remote code execution, making exploitation relatively straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenScape SBC 10R2.2.1; OpenScape Branch 10R2.1.1; OpenScape BCF 10R9.12.1

Vendor Advisory: https://networks.unify.com/security/advisories/OBSO-2203-01.pdf

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Atos Unify support portal. 2. Apply the patch following vendor documentation. 3. Restart the affected system. 4. Verify the patch was successfully applied.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to admin interfaces using firewalls or network segmentation

Access Control Lists

all

Implement strict IP-based access controls for admin interfaces

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems from untrusted networks
Deploy intrusion detection/prevention systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list. Review network configuration to determine if admin interfaces are exposed.

Check Version:

Check via system web interface or CLI using vendor-specific commands (varies by product)

Verify Fix Applied:

Verify system version is updated to patched version. Test admin interface access controls.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to admin interface
Unusual process execution
System configuration changes

Network Indicators:

Unexpected connections to admin ports
Suspicious payloads in network traffic to admin interfaces

SIEM Query:

source_ip OUTSIDE trusted_range AND dest_port IN (admin_ports) AND action='connection_attempt'

📊 Metadata

CVE ID: CVE-2022-36444

CVSS v3 Score: 8.6 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Published: July 25, 2022

Last Updated: November 21, 2024

🔗 References

https://networks.unify.com/security/advisories/OBSO-2203-01.pdf Vendor Advisory
https://networks.unify.com/security/advisories/OBSO-2203-01.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON