CVE-2023-21890
published 2023-01-18

Priority: P260
Severity: critical (CVSS 3.1 base score 9.8)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.84% (53.2nd percentile)
Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle Communications Converged Application Server. Successful attacks of this vulnerability can result in takeover of Oracle Communications Converged Application Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected

4 ranges

Vendor              Product                                      Version range   Fixed in
oracle              communications_converged_application_server
oracle              communications_converged_application_server
oracle_corporation  communications_converged_application_server
oracle_corporation  communications_converged_application_server

Detection & IOCs (extracted from sources)

  • CVE-2023-21890 is exploitable over UDP: monitor for unexpected or malformed UDP traffic to the listening UDP ports of Oracle Communications Converged Application Server (OCCAS).
  • No authentication is required. Because UDP is connectionless there is no "connection attempt" to alert on; instead, baseline the peers that legitimately send UDP to OCCAS and alert on datagrams from any source outside that set, internet-facing listeners first.
  • Successful exploitation yields full server takeover (C/I/A all High): alert on unexpected process spawning, privilege changes or unexpected outbound connections originating from the OCCAS process.
  • Only versions 7.1.0 and 8.0.0 of Oracle Communications Converged Application Server are confirmed affected; scope detections and patch tracking to hosts running those releases.
  • The vulnerable component is specifically the Core component of OCCAS; focus detection on that component's network exposure.
  • The attack vector is Network with low complexity and no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N), so internet-exposed instances are at critical risk with no mitigating complexity.
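The two detection bullets that can actually be scripted, scoping to the affected releases and flagging UDP datagrams to OCCAS from peers outside the known-good set, are combined in the following added example. It is not code from the page or from Oracle; the inventory, the Zeek-style conn.log lines, the IP ranges and the assumption that OCCAS listens for SIP on UDP 5060 are all constructed for illustration.

```python
"""Detection helper for CVE-2023-21890 exposure (added example, not from the page).

Two checks a SOC would script from the IOC bullets:
  1. scope: which inventoried hosts run an affected OCCAS release (7.1.0 or 8.0.0);
  2. network: UDP flows to those hosts' OCCAS listening ports from peers that are
     not in the known SIP-peer allowlist.

ASSUMPTIONS (not stated on the page): UDP port 5060 as the OCCAS SIP listener,
the inventory and flow-log formats, and every host/IP value below (all constructed).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

AFFECTED_VERSIONS = {"7.1.0", "8.0.0"}   # from the advisory text
OCCAS_UDP_PORTS = {5060}                  # assumption: default SIP/UDP listener

# Constructed inventory: host -> OCCAS version string (None = no OCCAS installed)
INVENTORY = {
    "occas-prod-1": "7.1.0",
    "occas-prod-2": "8.0.0",
    "occas-lab-1": "8.1.0",   # not in the affected list
    "sip-edge-1": None,
}

# Constructed mapping of OCCAS hosts to IPs, and the peers allowed to send them SIP/UDP
HOST_IPS = {"occas-prod-1": "10.10.1.11", "occas-prod-2": "10.10.1.12", "occas-lab-1": "10.10.2.11"}
ALLOWED_SIP_PEERS = [ip_network("10.20.0.0/24")]  # internal SBC range (constructed)

# Constructed Zeek-style conn.log lines (tab-separated; only the fields used here)
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service  orig_bytes
CONN_LOG = """\
1674000000.1\tC1\t10.20.0.5\t5060\t10.10.1.11\t5060\tudp\tsip\t612
1674000001.2\tC2\t198.51.100.77\t41222\t10.10.1.11\t5060\tudp\t-\t1400
1674000002.3\tC3\t10.20.0.5\t5060\t10.10.1.12\t5060\tudp\tsip\t587
1674000003.4\tC4\t203.0.113.9\t5060\t10.10.1.12\t5060\tudp\t-\t9800
1674000004.5\tC5\t203.0.113.9\t44000\t10.10.1.11\t443\ttcp\tssl\t200
"""


@dataclass(frozen=True)
class Finding:
    uid: str
    src: str
    dst: str
    dport: int
    reason: str


def affected_hosts(inventory: dict) -> set:
    """Hosts whose OCCAS version is one the advisory lists as affected."""
    return {h for h, v in inventory.items() if v in AFFECTED_VERSIONS}


def parse_conn_log(text: str) -> list:
    """Minimal parser for the constructed conn.log format above."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        rows.append({"uid": f[1], "src": f[2], "sport": int(f[3]), "dst": f[4],
                     "dport": int(f[5]), "proto": f[6], "service": f[7], "bytes": int(f[8])})
    return rows


def flag_udp_flows(rows: list, occas_ips: set, allowed_peers: list) -> list:
    """UDP flows to an in-scope OCCAS listener from a peer outside the allowlist.
    UDP is connectionless, so the check reasons about sources, not 'connection attempts'."""
    findings = []
    for r in rows:
        if r["proto"] != "udp" or r["dst"] not in occas_ips or r["dport"] not in OCCAS_UDP_PORTS:
            continue
        src = ip_address(r["src"])
        if any(src in net for net in allowed_peers):
            continue
        reason = "unallowlisted peer"
        if r["service"] == "-":
            # Zeek could not identify the payload as SIP: the "malformed UDP" IOC
            reason += ", payload not recognised as SIP"
        findings.append(Finding(r["uid"], r["src"], r["dst"], r["dport"], reason))
    return findings


def run() -> list:
    """Scope to affected releases first, then scan the flow log for those hosts only."""
    in_scope = affected_hosts(INVENTORY)
    occas_ips = {HOST_IPS[h] for h in in_scope}
    return flag_udp_flows(parse_conn_log(CONN_LOG), occas_ips, ALLOWED_SIP_PEERS)


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Scoping by inventory first matters in practice: the lab host on 8.1.0 is excluded from the network check, so traffic to it never generates a finding, while the two flows from external addresses to the 7.1.0 and 8.0.0 hosts are flagged. Swap the constructed allowlist and port for the real SBC ranges and listener configuration before use.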

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_oracle: 9.8 CRITICAL