SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20230918-0 >
=======================================================================
title: Authenticated Remote Code Execution and
Missing Authentication
product: Atos Unify OpenScape Session Border Controller
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF
vulnerable version: OpenScape SBC…

USN-7015-1: Python vulnerabilities

It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could...

September 16, 2024

USN-7014-1: nginx vulnerability

It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive...

September 16, 2024

USN-7013-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this...

September 16, 2024

USN-7012-1: curl vulnerability

Hiroki Kurosawa discovered that curl incorrectly handled certain OCSP responses. This could result in bad certificates not being checked properly,...

September 16, 2024

USN-7011-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled certain PDF files. A remote attacker could possibly use this issue to cause...

September 16, 2024

USN-6560-3: OpenSSH vulnerability

USN-6560-2 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It...

September 16, 2024

White House to Tackle AI-Generated Sexual Abuse Images

Legacy Ivanti Cloud Service Appliance Being Exploited

Half of UK Firms Lack Basic Cybersecurity Skills

Advanced Phishing Attacks Put X Accounts at Risk

Apple to Drop Spyware Lawsuit Over Security Concerns

Tackling the Unique Cybersecurity Challenges of Online Learning Platforms

Meta Goes Ahead With Controversial AI Training in UK

23andMe Agrees to $30m Data Breach Settlement

UK Hosts International Cyber Skills Conference

SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

USN-7015-1: Python vulnerabilities

USN-7014-1: nginx vulnerability

USN-7013-1: Dovecot vulnerabilities

USN-7012-1: curl vulnerability

USN-7011-1: ClamAV vulnerabilities

USN-6560-3: OpenSSH vulnerability