Lucene search

MitreCVE-2023-35035

HistoryJun 12, 2023 - 2:15 a.m.

CVE-2023-35035

2023-06-1202:15:48

CWE-77

mitre

web.nvd.nist.gov

atos

unify

openscape 4000

command injection

authenticated users

osfourk-23557

cve-2023-35035

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.

Affected configurations

Nvd

Node

atosunify_openscape_4000_assistantMatch10r0

atosunify_openscape_4000_assistantMatch10r1

atosunify_openscape_4000_assistantMatch10r1.34.4

atosunify_openscape_4000_managerMatch10r0

atosunify_openscape_4000_managerMatch10r1

atosunify_openscape_4000_managerMatch10r1.34.4

VendorProductVersionCPE
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1.34.4:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1.34.4:*:*:*:*:*:*

Vendor	Product	Version	CPE
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0::::::
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1::::::
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1.34.4::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1.34.4::::::

References

networks.unify.com/security/advisories/OBSO-2305-01.pdf

www.news.de/technik/856882353/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

Related for CVE-2023-35035