PT-2023-5906 · Atos · Atos Unify Openscape 4000 Manager Platform+1
Published 2023-08-10 · Updated 2023-10-12
CVE-2023-45355
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2
Atos Unify OpenScape 4000 Manager Platform V10 R1 before Hotfix V10 R1.42.2
Description
The vulnerability stems from insufficient validation of input data in the web service of the Atos Unify OpenScape 4000 Platform and the Atos Unify OpenScape 4000 Manager Platform, which allows an authenticated attacker to inject commands into the platform's operating system. This can lead to administrative access via the web service; successful exploitation may allow a remote attacker to execute arbitrary commands.
Recommendations
For Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2, apply Hotfix V10 R1.42.2 to resolve the issue.
For Atos Unify OpenScape 4000 Manager Platform V10 R1 before Hotfix V10 R1.42.2, apply Hotfix V10 R1.42.2 to resolve the issue.
As a temporary workaround, restrict network access to the web service to reduce the risk of exploitation until the hotfix is applied.
Fix
Command Injection
Affected Products
Atos Unify Openscape 4000 Manager Platform
Atos Unify Openscape 4000 Platform