← Back to CVEs

CVE-2022-46404

CRITICAL

9.8

Description

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/13/2022

Last Modified4/22/2025

Sourcenvd

Honeypot Sightings0

Affected Products

atos:unify_openscape_4000_assistantatos:unify_openscape_4000_manager

Weaknesses (CWE)

CWE-77CWE-77

References

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(cve@mitre.org)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(cve@mitre.org)

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.