Command Injection Vulnerability in Atos Unify OpenScape 4000 Assistant and Manager
CVE-2023-35035

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape 4000 Manager; Unify Openscape 4000 Assistant
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-35035?

The vulnerability in Atos Unify OpenScape 4000 products allows authenticated users to exploit command injection flaws in the Assistant and Manager versions. This security flaw enables attackers with valid credentials to execute arbitrary commands, potentially compromising system integrity and confidentiality. Users of the affected versions are advised to update to the latest patches to mitigate the risk.

References

https://networks.unify.com/security/advisories/OBSO-2305-...

https://www.news.de/technik/856882353/unify-openscape-400...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Jun 12, 2023