CVE-2023-35034

CRITICAL

Atos Unify OpenScape 4000 Assistant and Manager V10 R1 - Unauthenticated Remote Code Execution

Title source: llm

Description

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.

References (2)

Core 2

Core References

Vendor Advisory

https://networks.unify.com/security/advisories/OBSO-2305-01.pdf

Press/Media Coverage

https://www.news.de/technik/856882353/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/

Scores

CVSS v3 9.8

EPSS 0.0134

EPSS Percentile 67.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (2)

atos/unify_openscape_4000_assistant 10 r1 (2 CPE variants)

atos/unify_openscape_4000_manager 10 r1 (2 CPE variants)

Published Jun 12, 2023

Tracked Since Feb 18, 2026