PT-2023-22271 · Atos · Atos Unify Openscape 4000 Manager Platform+1
Published
2023-04-06
·
Updated
2023-04-13
·
CVE-2023-29473
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape 4000 Platform versions 10 R1 through 10 R1.34.3
Atos Unify OpenScape 4000 Manager Platform versions 10 R1 through 10 R1.34.3
Description
The webservice in the affected platforms allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access.
Recommendations
For versions 10 R1 through 10 R1.34.3, update to version 10 R1.34.4 or later to resolve the issue.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Atos Unify Openscape 4000 Manager Platform
Atos Unify Openscape 4000 Platform