CVE-2023-28509

7.5 HIGH

📋 TL;DR

This vulnerability affects Rocket Software UniData and UniVerse database systems using weak encryption for network communications and password transmission. Attackers can intercept and decrypt sensitive data, including credentials, transmitted over the network. Organizations running vulnerable versions of these database systems are affected.

💻 Affected Systems

Products:
  • Rocket Software UniData
  • Rocket Software UniVerse
Versions: UniData versions prior to 8.2.4 build 3003; UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using packet-level security features and password transmission over the network.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full credential compromise leading to unauthorized database access, data theft, and potential lateral movement within the network.

🟠 Likely Case

Credential interception and privilege escalation allowing attackers to access sensitive database information.

🟢 If Mitigated

Limited impact if strong network segmentation and monitoring prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to intercept traffic; no authentication bypass needed for packet interception.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UniData 8.2.4 build 3003 or later; UniVerse 11.3.5 build 1001 or later, or 12.2.1 build 2002 or later

Vendor Advisory: https://www.rocketsoftware.com/support

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Rocket Software support portal.
2. Apply the patch following vendor documentation.
3. Restart the UniData/UniVerse service.
4. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable systems from untrusted networks to prevent traffic interception.

VPN/Encrypted Tunnel

all

Use VPN or encrypted tunnels for all communications with vulnerable systems.

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to trusted hosts only.
  • Monitor network traffic for unusual patterns and implement intrusion detection systems.

🔍 How to Verify

Check if Vulnerable:

Check the version of UniData or UniVerse installed on the system.

Check Version:

Consult Rocket Software documentation for version checking commands specific to your installation.

Verify Fix Applied:

Verify the installed version matches or exceeds the patched versions listed in the fix section.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts from unusual IPs
  • Unusual database access patterns

Network Indicators:

  • Unencrypted or weakly encrypted database traffic on network ports
  • Suspicious packet captures showing credential transmission

SIEM Query:

(source="unidata" OR source="universe") AND (event_type="authentication" OR event_type="network")
