vulnerability

Rocket Software: CVE-2023-28503: Authentication Bypass and Remote Code Execution

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	2023-03-29	2023-03-29	2023-04-10

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

2023-03-29

Added

2023-03-29

Modified

2023-04-10

Description

Rapid7 discovered an authentication bypass in the `do_log_on_user()` function in `libunidata.so` that permits a user to authenticate as any Linux user on the target service using a hard-coded username (`:local:`) and a deterministic password. This affects most of the services that UniData ships, and leads directly to shell command execution via the `udadmin` service. Additionally, it allows us to exploit several post-authentication vulnerabilities.

Solution

rocket-unirpc-server-cve-2023-28503-upgrade

References

CVE-2023-28503
https://attackerkb.com/topics/CVE-2023-28503
URL-https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today