CVE-2023-45351
📋 TL;DR
This vulnerability allows authenticated attackers to execute arbitrary commands on Atos Unify OpenScape 4000 systems via command injection in the AShbr component. Affected systems include OpenScape 4000 Assistant and Manager versions V10 R0 and V10 R1 before specific patches. Attackers with valid credentials can gain remote code execution.
💻 Affected Systems
- Atos Unify OpenScape 4000 Assistant
- Atos Unify OpenScape 4000 Manager
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to data exfiltration, lateral movement within the network, and persistent backdoor installation.
Likely Case
Unauthorized command execution allowing privilege escalation, configuration changes, or service disruption.
If Mitigated
Limited impact due to network segmentation, strong authentication controls, and minimal user privileges.
🎯 Exploit Status
Exploitation requires valid credentials but command injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V10 R1.42.1 for affected V10 R1 systems
Vendor Advisory: https://networks.unify.com/security/advisories/OBSO-2306-01.pdf
Restart Required: Yes
Instructions:
1. Download patch from Atos Unify support portal.
2. Apply patch following vendor documentation.
3. Restart affected services.
4. Verify patch installation.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to OpenScape systems to only trusted administrative networks.
Credential Hardening
Implement strong password policies, multi-factor authentication, and regular credential rotation for administrative accounts.
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted IP addresses only.
- Monitor and audit all administrative access to OpenScape systems for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check system version against affected versions listed in advisory. Review authentication logs for unauthorized access attempts.
Check Version:
Check system administration interface or vendor documentation for version information.
Verify Fix Applied:
Verify system version is V10 R1.42.1 or later. Test AShbr functionality to ensure command injection is no longer possible.
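The version check above can be scripted across an inventory. The following is an added example, not vendor tooling or code from the advisory; the version-string shape is an assumption modelled on "V10 R1.42.1", and the status names and host names are hypothetical.

```python
import re

# Fixed version for the V10 R1 line, as stated on this page (V10 R1.42.1).
FIXED_V10_R1 = (42, 1)

# Assumed string shape, modelled on "V10 R1.42.1":
# V<major> R<release>[.<fix>[.<hotfix>]]
_VERSION_RE = re.compile(
    r"^\s*V(\d+)\s*R(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$", re.IGNORECASE
)


def classify(version: str) -> str:
    """Map a reported version string to a triage status for CVE-2023-45351."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, release = int(m.group(1)), int(m.group(2))
    if major != 10 or release not in (0, 1):
        return "not-listed"       # the page names only V10 R0 and V10 R1
    if release == 0:
        return "check-advisory"   # the page gives no fixed version for V10 R0
    if m.group(3) is None:
        return "incomplete"       # "V10 R1" alone cannot be judged
    # Compare numerically: as strings, "9.12" would sort after "42.1".
    build = (int(m.group(3)), int(m.group(4) or 0))
    return "fixed" if build >= FIXED_V10_R1 else "vulnerable"


def needs_action(inventory: dict) -> dict:
    """Return hosts whose status is neither 'fixed' nor 'not-listed'."""
    statuses = {host: classify(v) for host, v in inventory.items()}
    return {h: s for h, s in sorted(statuses.items())
            if s not in ("fixed", "not-listed")}


if __name__ == "__main__":
    # Constructed inventory; host names and versions are illustrative only.
    sample = {
        "mgr-01": "V10 R1.42.1",
        "asst-01": "V10 R1.9.12",
        "asst-02": "V10 R0.28.0",
    }
    for host, status in needs_action(sample).items():
        print(host, status)
```

Hosts reported as `check-advisory` are on V10 R0, for which the fixed version has to be taken from the vendor advisory.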
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful login
- AShbr component access from unexpected sources
Network Indicators:
- Unusual outbound connections from OpenScape systems
- Traffic patterns indicating command and control activity
SIEM Query:
source="openscape*" AND (event="command_execution" OR event="authentication") | stats count by src_ip, user
🔗 References
- https://networks.unify.com/security/advisories/OBSO-2306-01.pdf
- https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/