Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-46404

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Published

2022-12-13T21:15:11.800

Last Modified

2025-04-22T15:16:07.160

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atos	unify_openscape_4000_assistant	8	Yes
Application	atos	unify_openscape_4000_assistant	10	Yes
Application	atos	unify_openscape_4000_manager	8	Yes
Application	atos	unify_openscape_4000_manager	10	Yes

References

https://networks.unify.com/security/advisories/OBSO-2211-02.pdf Mitigation, Vendor Advisory ([email protected])
https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html Third Party Advisory ([email protected])
https://networks.unify.com/security/advisories/OBSO-2211-02.pdf Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)