Описание
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
Ссылки
- MitigationVendor Advisory
- Third Party Advisory
- MitigationVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:atos:unify_openscape_4000_assistant:8:-:*:*:*:*:*:*
cpe:2.3:a:atos:unify_openscape_4000_assistant:10:-:*:*:*:*:*:*
cpe:2.3:a:atos:unify_openscape_4000_manager:8:-:*:*:*:*:*:*
cpe:2.3:a:atos:unify_openscape_4000_manager:10:-:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10914
Средний
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-77
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.
EPSS
Процентиль: 93%
0.10914
Средний
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-77