CVE-2023-48166
HIGHUnify OpenScape Voice V10 < V10R3.26.1 - Unauthenticated Path Traversal via SOAP Server
Title source: llmDescription
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
References (2)
Core 2
Core References
Third Party Advisory
https://labs.integrity.pt/advisories/cve-2023-48166/
Vendor Advisory
https://networks.unify.com/security/advisories/OBSO-2401-01.pdf
Scores
CVSS v3
7.5
EPSS
0.0100
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
unify/openscape_voice
10.0
Published
Jan 12, 2024
Tracked Since
Feb 18, 2026