← Retour aux CVEs

CVE-2022-46404

CRITICAL

9.8

Description

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/13/2022

Derniere modification4/22/2025

Sourcenvd

Observations honeypot0

Produits affectes

atos:unify_openscape_4000_assistantatos:unify_openscape_4000_manager

Faiblesses (CWE)

CWE-77CWE-77

References

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(cve@mitre.org)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(cve@mitre.org)

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.