A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
References
Link | Resource |
---|---|
https://networks.unify.com/security/advisories/OBSO-2211-02.pdf | Mitigation Vendor Advisory |
https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Dec 2022, 16:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://networks.unify.com/security/advisories/OBSO-2211-02.pdf - Mitigation, Vendor Advisory | |
References | (MISC) https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html - Third Party Advisory | |
First Time |
Atos
Atos unify Openscape 4000 Manager Atos unify Openscape 4000 Assistant |
|
CWE | CWE-77 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:atos:unify_openscape_4000_manager:10:-:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_4000_manager:8:-:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_4000_assistant:8:-:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_4000_assistant:10:-:*:*:*:*:*:* |
13 Dec 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-13 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-46404
Mitre link : CVE-2022-46404
CVE.ORG link : CVE-2022-46404
JSON object : View
Products Affected
atos
- unify_openscape_4000_assistant
- unify_openscape_4000_manager
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')