CVE-2023-36618

8.8 HIGH

📋 TL;DR

CVE-2023-36618 allows authenticated low-privileged users to execute arbitrary operating system commands with root privileges on Atos Unify OpenScape Session Border Controller systems. This vulnerability affects all versions through V10 R3.01.03, enabling complete system compromise.

💻 Affected Systems

Products:
  • Atos Unify OpenScape Session Border Controller
Versions: All versions through V10 R3.01.03
Operating Systems: Proprietary SBC OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access, but any authenticated user regardless of privilege level can exploit this vulnerability.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root access, allowing attackers to install persistent backdoors, exfiltrate sensitive data, pivot to other network segments, or disrupt telephony services.

🟠 Likely Case

Attackers gain root shell access to execute arbitrary commands, potentially leading to data theft, service disruption, or lateral movement within the network.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the SBC device itself, though root compromise still allows significant damage to that system.

🌐 Internet-Facing: HIGH - Session Border Controllers are often internet-facing devices that handle VoIP traffic, making them prime targets for remote exploitation.
🏢 Internal Only: HIGH - Even internally, authenticated users with low privileges can escalate to root, posing significant insider threat risks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. Public exploit details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V10 R3.01.04 and later

Vendor Advisory: https://networks.unify.com/security/advisories/OBSO-2307-01.pdf

Restart Required: Yes

Instructions:

1. Download patch from Atos Unify support portal.
2. Backup current configuration.
3. Apply patch following vendor instructions.
4. Restart the SBC.
5. Verify patch installation and functionality.

🔧 Temporary Workarounds

Restrict Access Controls


Limit network access to the SBC management interface to only trusted administrative networks and implement strict authentication controls.

Implement Network Segmentation


Isolate the SBC in a dedicated network segment with strict firewall rules limiting inbound and outbound connections.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the SBC from critical infrastructure
  • Enforce multi-factor authentication and strong password policies for all SBC accounts

🔍 How to Verify

Check if Vulnerable:

Check SBC version via web interface or CLI. If version is V10 R3.01.03 or earlier, the system is vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify version is V10 R3.01.04 or later via web interface or CLI command 'show version'.
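
For a fleet of SBCs, the version check above can be run over collected version strings. The following is an added example, not vendor code: it assumes the string has the shape "V<major> R<release>.<minor>.<patch>" as written on this page, that releases order numerically field by field, and the host names in the sample inventory are constructed.

```python
import re

# Fixed release named on this page: V10 R3.01.04
FIXED = (10, 3, 1, 4)

# Assumed layout: "V<major> R<release>.<minor>.<patch>", spacing and case may vary
_VERSION_RE = re.compile(r"V\s*(\d+)\s*R\s*(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text):
    """Return (major, release, minor, patch) found in free text, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Classify one raw version string against the fixed release."""
    version = parse_version(text)
    if version is None:
        # Fail closed: an unreadable version is never reported as patched.
        return "unknown"
    # Compare as integers so that "01.10" sorts after "01.04".
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory):
    """Map host -> status for a dict of host -> raw version text."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (host names and strings are illustrative)
SAMPLE = {
    "sbc-edge-01": "V10 R3.01.03",
    "sbc-edge-02": "V10 R3.01.04",
    "sbc-lab-01": "OpenScape SBC V9 R4.12.00",
    "sbc-lab-02": "v10r3.1.10",
    "sbc-dr-01": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.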

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Multiple failed authentication attempts followed by successful login
  • Unexpected process execution or system modifications

Network Indicators:

  • Unusual outbound connections from SBC
  • Suspicious traffic patterns to/from SBC management interface
  • Anomalous SSH or remote access attempts

SIEM Query:

source="openscape-sbc" AND (event_type="command_execution" OR event_type="privilege_escalation")
