Directory Traversal Vulnerability in Atos Unify OpenScape Voice V10
CVE-2023-48166

7.5HIGH

Key Information:

Vendor: Atos
Vendor: CVE Published:; 12 January 2024

What is CVE-2023-48166?

A directory traversal vulnerability exists in the SOAP Server of Atos Unify OpenScape Voice V10 prior to version V10R3.26.1. This security flaw enables remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive files on the local file system. Such access may lead to the exposure of crucial information and compromise of the underlying system, thus posing significant security risks for users and organizations relying on this product.

References

https://networks.unify.com/security/advisories/OBSO-2401-...

https://labs.integrity.pt/advisories/cve-2023-48166/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2024
Vulnerability Reserved
Nov 13, 2023