← Back

CVE-2022-46404

nvd nist
Published: Dec 13, 2022Modified: Apr 22, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.

Affected (4)

Atos
2 products
Unify Openscape 4000 Assistant
Unify Openscape 4000 Manager
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Atos
Unify Openscape 4000 Assistant
Version 10
Unify Openscape 4000 Assistant
Version 8
Atos
Unify Openscape 4000 Manager
Version 10
Unify Openscape 4000 Manager
Version 8

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
MitigationVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.