PT-2023-5905 · Atos · Atos Unify OpenScape 4000 Manager Platform, Atos Unify OpenScape 4000 Platform
Published 2023-08-10 · Updated 2023-10-12
CVE-2023-45356
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000
Atos Unify OpenScape 4000 Manager Platform V10 R1 before Hotfix V10 R1.42.2
Description
The vulnerability stems from insufficient sanitization of input when processing dtb files, which allows an authenticated attacker to inject commands into the platform's operating system. Successful exploitation can lead to administrative access via the dtb pages of the platform portal.
Recommendations
For Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000, apply Hotfix V10 R1.42.2 to resolve the issue.
For Atos Unify OpenScape 4000 Manager Platform V10 R1 before Hotfix V10 R1.42.2, apply Hotfix V10 R1.42.2 to resolve the issue.
As a temporary workaround, restrict access to the dtb pages of the platform portal to reduce the risk of exploitation until the hotfix is applied.
Weakness Enumeration
Command Injection
Related Identifiers
CVE-2023-45356
Affected Products
Atos Unify OpenScape 4000 Manager Platform
Atos Unify OpenScape 4000 Platform