Advisory

Critical vulnerabilities detected in Atos Unify suite

Take action: Lock down your Atos Unify management interfaces (both SSH and web) so that they are reachable only from internal, secured networks and never from the internet. Also plan to patch, since even locked-down interfaces can still be reached from an internal host that has already been compromised by other malware.



Cybersecurity researchers at SEC Consult have identified two vulnerabilities in Atos Unify products. These vulnerabilities pose a significant risk: they could allow malicious actors to disrupt operations and fully compromise the targeted system.

The identified weaknesses are present in the unified communications and collaboration solution provided by Atos Unify. Specifically, they affect

  • Atos Unify Session Border Controller (SBC), which ensures security for unified communications,
  • Unify OpenScape Branch product catering to remote offices,
  • Border Control Function (BCF), primarily designed for emergency services.

The first vulnerability, tracked as CVE-2023-36618, affects the web interface of these products. It allows an attacker who holds valid but low-privileged credentials to execute arbitrary PHP functions and, from there, operating system commands with root privileges.

The second vulnerability, tracked as CVE-2023-36619, is exploitable by an unauthenticated attacker. It permits unauthorized access to, and execution of, certain scripts, which an attacker could leverage to cause a denial-of-service (DoS) condition or modify the system's configuration.

Atos has classified these vulnerabilities as 'high severity' based on their Common Vulnerability Scoring System (CVSS) scores. An attacker who possesses low-privileged user credentials could achieve full control (root access) over the appliance, which would let them reconfigure or backdoor the system, for example by altering the SIP upstream configuration.

The affected web interface is typically not exposed to the internet, and a search of Shodan data found no internet-reachable instances. No public proof-of-concept (PoC) exploit code is known.

Atos has responded by issuing updates that address these vulnerabilities in the affected Unify products and has recommended the following workarounds to reduce the risk of exploitation:

  • Disable low-privileged accounts (e.g. the guest account), or at least disable SSH access for those accounts
  • Make sure the root account is not accessible via SSH
  • Restrict external SSH access to a single account
  • Do not publicly expose the admin interface of the affected systems
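The three SSH-related workarounds in that list can be checked mechanically against the appliance's SSH daemon configuration. The script below is an added example and is not part of this advisory, of SEC Consult's findings, or of Atos's own guidance. It assumes the appliance runs OpenSSH configured through a standard sshd_config (the advisory does not say which SSH daemon the products use); the three sample configurations are constructed for illustration and are not taken from any real appliance.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the SSH workarounds in the
# advisory above. ASSUMPTION: the appliance runs OpenSSH and uses standard
# sshd_config syntax; the advisory does not state which SSH daemon is used.

# Print the value(s) of one keyword from the global section of an
# sshd_config, one token per line. Comments and blank lines are skipped.
# Parsing stops at the first "Match" line: directives inside Match blocks
# are conditional and therefore not a global guarantee (review them by hand).
# Only whitespace-separated "Keyword value" lines are handled, not "Keyword=value".
sshd_global_values() {
    # $1 = config file, $2 = keyword (matched case-insensitively, as sshd does)
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Check one config file. Prints a FINDING line for each workaround that is
# not applied; exit status 0 when clean, 1 otherwise.
audit_sshd_config() {
    conf="$1"
    findings=0

    # Workaround: root must not be reachable via SSH. OpenSSH's default
    # (prohibit-password) still allows key-based root logins, so only an
    # explicit "no" passes. sshd honours the first occurrence of a keyword.
    root_login=$(sshd_global_values "$conf" PermitRootLogin | head -n 1)
    case "$(printf '%s' "$root_login" | tr 'A-Z' 'a-z')" in
        no) ;;
        *)  echo "FINDING: PermitRootLogin is '${root_login:-unset, default prohibit-password}', expected 'no'"
            findings=$((findings + 1)) ;;
    esac

    # Workaround: external SSH access restricted to a single account.
    # AllowUsers lines accumulate, so every name in the global section counts.
    allowed=$(sshd_global_values "$conf" AllowUsers)
    n_allowed=$(printf '%s\n' "$allowed" | grep -c .)
    if [ "$n_allowed" -eq 0 ]; then
        echo "FINDING: no AllowUsers directive, so every local account (including guest) may log in via SSH"
        findings=$((findings + 1))
    elif [ "$n_allowed" -gt 1 ]; then
        echo "FINDING: AllowUsers lists $n_allowed accounts ($(printf '%s' "$allowed" | tr '\n' ' ')), expected exactly one"
        findings=$((findings + 1))
    fi

    # Workaround: low-privileged accounts (the advisory names "guest") must
    # not have SSH access; root appearing in AllowUsers defeats the first check.
    for u in $allowed; do
        case "$u" in
            root|guest)
                echo "FINDING: AllowUsers explicitly grants SSH access to '$u'"
                findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
}

# Number of findings for a file, for scripting (always exits 0).
count_findings() {
    audit_sshd_config "$1" | grep -c '^FINDING' || true
}

# Constructed sample configurations (not taken from any real appliance).
WEAK_CONF=$(mktemp); PARTIAL_CONF=$(mktemp); HARD_CONF=$(mktemp)

cat > "$WEAK_CONF" <<'EOF'
# factory-style config: none of the workarounds applied
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

cat > "$PARTIAL_CONF" <<'EOF'
# root login removed, but the guest account still has SSH access
PermitRootLogin no
AllowUsers admin guest
EOF

cat > "$HARD_CONF" <<'EOF'
# all three SSH workarounds applied; the Match block is conditional and ignored
PermitRootLogin no
AllowUsers admin
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF

for f in "$WEAK_CONF" "$PARTIAL_CONF" "$HARD_CONF"; do
    echo "== $f"
    if audit_sshd_config "$f"; then
        echo "OK: SSH workarounds applied"
    fi
done
```

Run it against a copy of the appliance's sshd_config; a non-zero exit status from audit_sshd_config means at least one of the SSH workarounds is not in place. The check is deliberately conservative: it trusts only the global section, so any Match block that loosens PermitRootLogin or AllowUsers for a particular source address still needs a manual review. The fourth workaround, keeping the admin web interface off the internet, is a network-placement matter and is not something a configuration-file audit can prove.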