Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager
CVE-2023-35033

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape 4000 Manager; Unify Openscape 4000 Assistant
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-35033?

The Atos Unify OpenScape 4000 Assistant and Manager are susceptible to command injection vulnerabilities, which can be exploited by authenticated users. This flaw allows attackers to execute arbitrary commands on the underlying system, potentially leading to unauthorized access and manipulation of sensitive data. Users of affected versions are urged to apply the latest security updates as outlined in the security advisory to mitigate the risk of exploitation.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

https://www.news.de/technik/856882353/unify-openscape-400...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023