Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager
CVE-2023-35031

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape 4000 Manager; Unify Openscape 4000 Assistant
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-35031?

A command injection vulnerability exists within Atos Unify OpenScape 4000 products, allowing authenticated users to exploit this weakness. Specifically, versions prior to V10 R1.42.0 and V10 R1.34.8 for both the Assistant and Manager products are affected. This flaw potentially enables unauthorized command execution within the system, which could lead to further exploitation or interruption of services. Users are urged to upgrade to the latest versions to mitigate risks associated with this vulnerability.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

https://www.news.de/technik/856882353/unify-openscape-400...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023