Two vulnerabilities discovered earlier this year in Atos Unify products could allow malicious actors to cause disruption and even backdoor the targeted system.
The flaws were found in the unified communications and collaboration solution by researchers at SEC Consult, an Austria-based cybersecurity consulting firm that is part of the Atos Group’s Eviden business.
The vulnerabilities affect the Atos Unify Session Border Controller (SBC), which provides security for unified communications, the Unify OpenScape Branch product for remote offices, and Border Control Function (BCF), which is designed for emergency services.
SEC Consult researchers discovered that the web interface of these products is affected by CVE-2023-36618, which can be exploited by an authenticated attacker with low privileges to execute arbitrary PHP functions and subsequently operating system commands with root privileges.
The second security hole, CVE-2023-36619, can be exploited by an unauthenticated attacker to access and execute certain scripts. An attacker could leverage these scripts to cause a denial-of-service (DoS) condition or change the system’s configuration.
SEC Consult says the vulnerabilities have critical impact, but the vendor has assigned the flaws a ‘high severity’ rating based on their CVSS score.
“Attackers can gain full control (root access) over the appliance, if any low-privileged user credentials are known, and could reconfigure or backdoor the system (e.g. change SIP upstream configuration, etc),” Johannes Greil, head of the SEC Consult Vulnerability Lab, told SecurityWeek.
Greil pointed out that the affected web interface is typically not exposed to the internet and a brief Shodan analysis shows there are no systems that are reachable from the web.
The cybersecurity firm this week published an advisory containing technical information, but proof-of-concept (PoC) exploit code has not been made public.
Atos has released updates that should patch both Unify vulnerabilities. The vendor has also suggested a series of workarounds that can prevent or reduce the risk of exploitation.
Related: Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain
Related: Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid
Related: Critical Vulnerabilities Patched in OpenText Enterprise Content Management System
