OpenCode Systems OC Messaging and USSD Gateway
Summary
A vulnerability in OpenCode Systems OC Messaging and USSD Gateway (version 6.32.2) allows authenticated, low-privileged users to access SMS messages outside their authorized scope. This is achieved by manipulating a company or tenant identifier parameter, exploiting an improper access control flaw. The vulnerability has been patched in version 6.33.11.
IFF Assessment
This vulnerability enables unauthorized access to sensitive communication data, posing a direct threat to confidentiality and privacy.
Severity
The CVSS v3 base score of 8.1 indicates a 'High' severity. This is due to the vulnerability allowing unauthorized access to sensitive data (confidentiality impact) with a low attack complexity and requiring only low privileges.
Defender Context
This alert highlights a high-severity access control vulnerability in critical infrastructure communication systems, emphasizing the need for thorough auditing and prompt patching of messaging and USSD gateway software. Defenders should be vigilant about unauthorized access attempts to SMS data and ensure their systems are updated to the latest secure versions.
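One way to look for the access pattern described above in gateway access logs, as an added example that is not part of the advisory or the vendor's code. The log layout, the `/sms/messages` path, the parameter names `company_id` and `tenant_id`, and the account-to-tenant mapping are all assumptions made for illustration; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Hypothetical parameter names and log layout (assumptions, not from the
# product). Adjust both to what your gateway actually records.
TENANT_PARAMS = ("company_id", "tenant_id")
LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" (?P<status>\d{3})$')

# Constructed directory export: the tenant each account belongs to.
USER_TENANT = {"alice": "1001", "bob": "1002"}

# Constructed sample log lines.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z user=alice "GET /sms/messages?company_id=1001" 200
2024-01-01T10:00:05Z user=alice "GET /sms/messages?company_id=1002" 200
2024-01-01T10:00:06Z user=alice "GET /sms/messages?company_id=1003" 403
2024-01-01T10:01:00Z user=bob "GET /sms/messages?tenant_id=1002&page=2" 200
2024-01-01T10:02:00Z user=carol "GET /sms/messages?company_id=1001" 200
garbled line
""".splitlines()

def find_cross_tenant_requests(lines, user_tenant):
    """Return {user: [(ts, requested_tenant, status), ...]} for requests whose
    tenant parameter does not match the account's own tenant."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        query = parse_qs(urlsplit(m["url"]).query)
        requested = {v for p in TENANT_PARAMS for v in query.get(p, [])}
        # Accounts missing from the directory have no "own" tenant, so every
        # tenant they request is reported.
        own = user_tenant.get(m["user"])
        for tenant in sorted(requested - {own}):
            findings[m["user"]].append((m["ts"], tenant, int(m["status"])))
    return dict(findings)

def successful_reads(findings):
    """Keep only mismatches answered with 2xx, where data was likely returned."""
    hits = {u: [f for f in fs if 200 <= f[2] < 300] for u, fs in findings.items()}
    return {u: fs for u, fs in hits.items() if fs}
```

Mismatches answered with a 2xx status are the ones to triage first; rejected mismatches still show which accounts are probing other tenants' identifiers.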