CVE-2023-29473
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
06/04/2023
Last modified:
12/02/2025
Description
webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:atos:unify_openscape_4000:10:r1:*:*:*:*:*:* | ||
| cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://networks.unify.com/security/advisories/OBSO-2303-01.pdf
- https://www.news.de/technik/856806612/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/
- https://networks.unify.com/security/advisories/OBSO-2303-01.pdf
- https://www.news.de/technik/856806612/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-betroffene-systeme-und-produkte-neue-versionen-und-updates/1/