Authenticated Command Injection Vulnerability in Atos Unify OpenScape 4000
CVE-2023-45351

8.8HIGH

Key Information:

Vendor: Atos
Status: Unify Openscape 4000 Manager; Unify Openscape 4000 Assistant
Vendor: CVE Published:; 9 October 2023

What is CVE-2023-45351?

The Atos Unify OpenScape 4000 systems are vulnerable to an authenticated command injection flaw that can be exploited via the AShbr component. This flaw allows attackers with existing authenticated access to inject arbitrary commands, which could compromise the integrity of the system and lead to unauthorized actions. Users of versions prior to V10 R1.42.1 are particularly at risk, highlighting the importance of immediate updates to mitigate this security threat.

References

https://networks.unify.com/security/advisories/OBSO-2306-...

https://www.news.de/technik/856969401/unify-openscape-400...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2023
Vulnerability Reserved
Oct 9, 2023