Lucene search

MitreCVE-2023-45349

HistoryOct 09, 2023 - 4:15 a.m.

CVE-2023-45349

2023-10-0904:15:50

mitre

web.nvd.nist.gov

atos

unify

openscape 4000

assistant

manager

vulnerability

information exposure

cve-2023-45349

osfourk-23722

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722.

Affected configurations

Nvd

Node

atosunify_openscape_4000_assistantMatch10r0

atosunify_openscape_4000_assistantMatch10r1

atosunify_openscape_4000_assistantMatch10r1.42.0

atosunify_openscape_4000_managerMatch10r0

atosunify_openscape_4000_managerMatch10r1

atosunify_openscape_4000_managerMatch10r1.42.0

VendorProductVersionCPE
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*
atosunify_openscape_4000_assistant10cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1.42.0:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*
atosunify_openscape_4000_manager10cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1.42.0:*:*:*:*:*:*

Vendor	Product	Version	CPE
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0::::::
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1::::::
atos	unify_openscape_4000_assistant	10	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1.42.0::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1::::::
atos	unify_openscape_4000_manager	10	cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1.42.0::::::

References

networks.unify.com/security/advisories/OBSO-2306-01.pdf

www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

Related for CVE-2023-45349