CVE-2022-46404 - OpenCVE

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Atos	Unify Openscape 4000 Assistant Unify Openscape 4000 Manager

Configuration 1 [-]

OR	cpe:2.3:a:atos:unify_openscape_4000_assistant:8:-::::::
	cpe:2.3:a:atos:unify_openscape_4000_assistant:10:-::::::
	cpe:2.3:a:atos:unify_openscape_4000_manager:8:-::::::
	cpe:2.3:a:atos:unify_openscape_4000_manager:10:-::::::

References

Link	Resource
https://networks.unify.com/security/advisories/OBSO-2211-02.pdf	Mitigation Vendor Advisory
https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-13T00:00:00

Updated: 2022-12-13T00:00:00

Reserved: 2022-12-04T00:00:00

Link: CVE-2022-46404

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-13T21:15:11.800

Modified: 2022-12-27T16:12:32.677

Link: CVE-2022-46404

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:8:-:*:*:*:*:*:*", "matchCriteriaId": "54BA8194-E093-470B-81F3-1866654EDF2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:-:*:*:*:*:*:*", "matchCriteriaId": "94004B7D-71FF-4323-BAA7-A0A86CBE1FAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:8:-:*:*:*:*:*:*", "matchCriteriaId": "C4AFCA4A-E620-418E-98FF-91A8BD519F0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atos:unify_openscape_4000_manager:10:-:*:*:*:*:*:*", "matchCriteriaId": "DB025DB6-3035-4BCD-A39B-49E27D74F543", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de inyecci\u00f3n de comandos en Atos Unify OpenScape 4000 Assistant y Unify OpenScape 4000 Manager (8 anteriores a R2.22.18, 10 anteriores a 0.28.13 y 10 R1 anteriores a R1.34.4) que puede permitir que un atacante no autenticado cargue archivos arbitrarios y lograr acceso administrativo al sistema."}], "id": "CVE-2022-46404", "lastModified": "2022-12-27T16:12:32.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2022-12-13T21:15:11.800", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://networks.unify.com/security/advisories/OBSO-2211-02.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.heise.de/news/Kommunikationssoftware-Kritische-Sicherheitsluecke-in-Atos-Unify-OpenScape-4000-7358657.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}