Security researchers at SEC Consult have discovered two critical vulnerabilities in Atos Unify products that could allow malicious actors to take control of the targeted system. These vulnerabilities affect the Atos Unify Session Border Controller (SBC), OpenScape Branch product for remote offices, and Border Control Function (BCF) for emergency services. The first flaw (CVE-2023-36618) allows an attacker with low privileges to execute arbitrary PHP functions and operating system commands with root privileges. The second vulnerability (CVE-2023-36619) enables an unauthenticated attacker to access and execute certain scripts, potentially leading to a denial-of-service condition or system configuration changes. Atos has released updates to address these vulnerabilities.