CVE-2022-46404
Summary
| CVE | CVE-2022-46404 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-13 21:15:00 UTC |
| Updated | 2022-12-27 16:12:00 UTC |
| Description | A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. |
Risk And Classification
Problem Types: CWE-77
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atos | Unify Openscape 4000 Assistant | 10 | - | All | All |
| Application | Atos | Unify Openscape 4000 Assistant | 8 | - | All | All |
| Application | Atos | Unify Openscape 4000 Manager | 10 | - | All | All |
| Application | Atos | Unify Openscape 4000 Manager | 8 | - | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Kommunikationssoftware: Kritische Sicherheitslücke in Atos Unify OpenScape 4000 | heise online | MISC | www.heise.de | |
| networks.unify.com/security/advisories/OBSO-2211-02.pdf | MISC | networks.unify.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.