CVE-2023-36619

9.8 CRITICAL

📋 TL;DR

CVE-2023-36619 allows unauthenticated remote attackers to execute administrative scripts on Atos Unify OpenScape Session Border Controller systems. This vulnerability affects all deployments running vulnerable versions, potentially giving attackers full control over the SBC device.

💻 Affected Systems

Products:
  • Atos Unify OpenScape Session Border Controller
Versions: All versions through V10 R3.01.03
Operating Systems: Proprietary SBC OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the SBC, allowing attackers to intercept or modify VoIP traffic, pivot to internal networks, deploy ransomware, or use the device to stage further attacks.

🟠 Likely Case

Remote code execution leading to data exfiltration, service disruption, or use of the device as a foothold for lateral movement within the network.

🟢 If Mitigated

Limited impact if the device is isolated behind strict network segmentation and access controls, though it remains exposed to internal threats.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication, making exposed devices immediate targets.
🏢 Internal Only: HIGH - Even internally, any attacker on the network can exploit this without credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on Packet Storm Security and other sources. Attack requires only network access to the SBC management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V10 R3.01.04 or later

Vendor Advisory: https://networks.unify.com/security/advisories/OBSO-2307-01.pdf

Restart Required: Yes

Instructions:

1. Download the patch from the Atos Unify support portal.
2. Back up the current configuration.
3. Apply the patch following the vendor instructions.
4. Reboot the device.
5. Verify patch installation and functionality.

🔧 Temporary Workarounds

Network Isolation

Applies to: all

Restrict access to the SBC management interface to trusted IPs only.

Configure firewall rules to allow only specific management IPs to reach the SBC management ports.

Management Interface Removal

Applies to: all

Disable or remove the management interface from untrusted networks.

Configure the SBC to allow management only from the internal VLAN/network.

🧯 If You Can't Patch

  • Immediately isolate the SBC from internet and untrusted networks using firewall rules
  • Implement strict network segmentation and monitor all traffic to/from the SBC for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the SBC version via the web interface or CLI. If the version is V10 R3.01.03 or earlier, the device is vulnerable.

Check Version:

Log in to the SBC CLI and run 'show version', or check System Information in the web interface.

Verify Fix Applied:

Verify that the version is V10 R3.01.04 or later, and test that unauthenticated access to administrative scripts is blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to administrative scripts
  • Unusual script execution patterns
  • Failed authentication followed by successful script execution

Network Indicators:

  • Unusual traffic to SBC management ports from unexpected sources
  • HTTP requests to administrative script endpoints without authentication headers

SIEM Query:

source="SBC_logs" AND (uri="*/admin_scripts/*" OR uri="*/cgi-bin/*") AND NOT auth_success="true"
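As an added example (not part of the advisory, and not vendor code), the following Python script applies the version threshold from the verification section and the logic of the SIEM query above to a few constructed log lines. It assumes the SBC access log can be exported as space-separated key="value" fields; the field names uri and auth_success come from the query, while src is an assumed field name.

```python
import re

# Fix version from the vendor advisory (OBSO-2307-01); earlier builds are vulnerable.
FIXED_VERSION = "V10 R3.01.04"
_VERSION_RE = re.compile(r"V(\d+)\s*R(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> tuple:
    """Turn a 'show version' string such as 'V10 R3.01.03' into a comparable tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenScape SBC version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_vulnerable(version: str) -> bool:
    """True when the running version is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)

# Detection side: the SIEM query flags requests to administrative script paths
# that were not backed by a successful authentication.
ADMIN_PATHS = ("/admin_scripts/", "/cgi-bin/")
_KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_log_line(line: str) -> dict:
    """Assumed log layout: space-separated key="value" fields, one request per line."""
    return dict(_KV_RE.findall(line))

def is_suspicious(event: dict) -> bool:
    """A missing auth_success field counts as 'not authenticated', as in the query."""
    uri = event.get("uri", "")
    return any(p in uri for p in ADMIN_PATHS) and event.get("auth_success") != "true"

def find_suspicious(lines) -> list:
    """Return the parsed events that match the detection rule."""
    return [e for e in map(parse_log_line, lines) if is_suspicious(e)]

# Constructed sample log (RFC 5737 addresses, placeholder script names), not real data.
SAMPLE_LOG = [
    'src="203.0.113.10" uri="/cgi-bin/example_script" auth_success="false"',
    'src="10.0.0.5" uri="/cgi-bin/example_script" auth_success="true"',
    'src="198.51.100.7" uri="/admin_scripts/example" status="200"',
    'src="10.0.0.9" uri="/index.html" auth_success="false"',
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("OpenScape SBC V10 R3.01.03"))
    for hit in find_suspicious(SAMPLE_LOG):
        print("ALERT unauthenticated admin-script request:", hit)
```

Adapt the regular expressions to the actual export format of your SBC logs before using this outside a test.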
