Vulnerability Details : CVE-2023-28503
Public exploit exists!
Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2023-28503
- cpe:2.3:a:rocketsoftware:unidata:*:*:*:*:*:*:*:*
- cpe:2.3:a:rocketsoftware:universe:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28503
- EPSS score: 3.25% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2023-28503
- Rocket Software Unidata udadmin_server Authentication Bypass
  Disclosure Date: 2023-03-30
  First seen: 2023-09-11
  Module: exploit/linux/misc/unidata_udadmin_auth_bypass
  This module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service
CVSS scores for CVE-2023-28503
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-28503
- CWE-287 (Improper Authentication): When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
- CWE-798 (Use of Hard-coded Credentials): The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: cve@rapid7.com (Secondary)
References for CVE-2023-28503
- http://packetstormsecurity.com/files/171854/Rocket-Software-Unidata-udadmin_server-Authentication-Bypass.html
  Rocket Software Unidata udadmin_server Authentication Bypass ≈ Packet Storm
- https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/
  Multiple Vulnerabilities in Rocket Software UniData's UniRPC server (Fixed) | Rapid7 Blog (Third Party Advisory)