← Voltar para CVEs

CVE-2022-46404

CRITICAL

9.8

Descricao

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado12/13/2022

Ultima modificacao4/22/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

atos:unify_openscape_4000_assistantatos:unify_openscape_4000_manager

Fraquezas (CWE)

CWE-77CWE-77

Referencias

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(cve@mitre.org)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(cve@mitre.org)

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.