CVE-2023-28503 - OpenCVE

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Rocketsoftware	Unidata Universe

Configuration 1 [-]

AND

OR	cpe:2.3:a:rocketsoftware:unidata::::::::
	cpe:2.3:a:rocketsoftware:universe::::::::
	cpe:2.3:a:rocketsoftware:universe::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html
https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: rapid7

Published: 2023-03-29T20:09:43.764Z

Updated: 2023-03-29T20:09:43.764Z

Reserved: 2023-03-16T20:44:20.345Z

Link: CVE-2023-28503

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-29T21:15:08.123

Modified: 2023-04-12T19:15:08.987

Link: CVE-2023-28503

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-28503", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2023-03-16T20:44:20.345Z", "datePublished": "2023-03-29T20:09:43.764Z", "dateUpdated": "2023-03-29T20:09:43.764Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "UniData", "vendor": "Rocket Software", "versions": [{"lessThan": "8.2.43.3003", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "UniVerse", "vendor": "Rocket Software", "versions": [{"lessThan": "11.3.5.1001", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "12.2.1.2002", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ron Bowes"}], "datePublic": "2023-03-29T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user."}], "value": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-03-29T20:09:43.764Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/"}, {"url": "http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Authentication bypass in UniRPC's udadmin service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocketsoftware:unidata:*:*:*:*:*:*:*:*", "matchCriteriaId": "4190A053-8AEE-483F-B7EA-1A985F58D407", "versionEndIncluding": "8.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketsoftware:universe:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E02DA68-C335-40DA-80A4-1DE974B1E0EE", "versionEndIncluding": "11.3.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rocketsoftware:universe:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE07875-8D74-4C39-BD7D-6044A25BC975", "versionEndIncluding": "12.2.1", "versionStartIncluding": "12.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user."}], "id": "CVE-2023-28503", "lastModified": "2023-04-12T19:15:08.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-29T21:15:08.123", "references": [{"source": "cve@rapid7.com", "url": "http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html"}, {"source": "cve@rapid7.com", "tags": ["Third Party Advisory"], "url": "https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "cve@rapid7.com", "type": "Secondary"}]}