CVE-2023-45355

2023-10-0900:00:00

mitre

www.cve.org

atos unify openscape 4000

manager platform

command injection

authenticated attacker

administrative access

webservice

osfourk-24120

9.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120.

References

networks.unify.com/security/advisories/OBSO-2308-02.pdf

www.news.de/technik/857079218/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/