CVE-2023-45356

HIGH

Atos Unify OpenScape 4000 Assistant and Manager Platform V10 R1 - Authenticated Command Injection via dtb Pages

Title source: llm

Description

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719.

References (2)

Core 2

Core References

Vendor Advisory

https://networks.unify.com/security/advisories/OBSO-2308-02.pdf

Press/Media Coverage

https://www.news.de/technik/857079218/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/

Scores

CVSS v3 8.8

EPSS 0.0126

EPSS Percentile 66.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (2)

atos/unify_openscape_4000_assistant 10 r0

atos/unify_openscape_4000_manager 10 r0

Published Oct 09, 2023

Tracked Since Feb 18, 2026