cvelistv5 - cve-2023-45351

cve-2023-45351

Vulnerability from cvelistv5

Published

2023-10-09 00:00

Modified

2024-09-19 15:38

Severity ?

Summary

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.

References

URL	Tags
cve@mitre.org	https://networks.unify.com/security/advisories/OBSO-2306-01.pdf	Vendor Advisory
cve@mitre.org	https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/	Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://networks.unify.com/security/advisories/OBSO-2306-01.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/	Press/Media Coverage

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:21:16.651Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-45351",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-19T15:37:53.160133Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-19T15:38:06.105Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-10-09T03:35:47.276246",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
            },
            {
               url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-45351",
      datePublished: "2023-10-09T00:00:00",
      dateReserved: "2023-10-09T00:00:00",
      dateUpdated: "2024-09-19T15:38:06.105Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*\", \"matchCriteriaId\": \"663FE8C5-3827-4B6D-A598-247D071DB0C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1AE8D88-E490-4426-8259-04F65409A2F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*\", \"matchCriteriaId\": \"A81CFBD0-39E6-4CF2-80DA-1785A6625C8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEB266EB-67B7-4007-A942-D64DB746BB2E\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.\"}, {\"lang\": \"es\", \"value\": \"Atos Unify OpenScape 4000 Assistant V10 R1 anterior a V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 anterior a V10 R1.42.1 y 4000 Manager V10 R0 permiten la inyecci\\u00f3n de comandos autenticados a trav\\u00e9s de AShbr. Esto tambi\\u00e9n se conoce como OSFOURK-24039.\"}]",
         id: "CVE-2023-45351",
         lastModified: "2024-11-21T08:26:47.237",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
         published: "2023-10-09T04:15:53.947",
         references: "[{\"url\": \"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}]",
         sourceIdentifier: "cve@mitre.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2023-45351\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-10-09T04:15:53.947\",\"lastModified\":\"2024-11-21T08:26:47.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.\"},{\"lang\":\"es\",\"value\":\"Atos Unify OpenScape 4000 Assistant V10 R1 anterior a V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 anterior a V10 R1.42.1 y 4000 Manager V10 R0 permiten la inyección de comandos autenticados a través de AShbr. Esto también se conoce como OSFOURK-24039.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*\",\"matchCriteriaId\":\"663FE8C5-3827-4B6D-A598-247D071DB0C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1AE8D88-E490-4426-8259-04F65409A2F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*\",\"matchCriteriaId\":\"A81CFBD0-39E6-4CF2-80DA-1785A6625C8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB266EB-67B7-4007-A942-D64DB746BB2E\"}]}]}],\"references\":[{\"url\":\"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:21:16.651Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45351\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-19T15:37:53.160133Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-19T15:38:00.434Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://networks.unify.com/security/advisories/OBSO-2306-01.pdf\"}, {\"url\": \"https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-10-09T03:35:47.276246\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2023-45351\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-19T15:38:06.105Z\", \"dateReserved\": \"2023-10-09T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-10-09T00:00:00\", \"assignerShortName\": \"mitre\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

WID-SEC-W-2023-1474

Vulnerability from csaf_certbund

Published

2023-06-14 22:00

Modified

2023-10-08 22:00

Summary

Unify OpenScape 4000: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

OpenScape 4000 ist eine konvergente Kommunikationslösung und bietet eine Prozess- und Workflow-Integration.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Unify OpenScape 4000 ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "OpenScape 4000 ist eine konvergente Kommunikationslösung und bietet eine Prozess- und Workflow-Integration.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Unify OpenScape 4000 ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- BIOS/Firmware",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-1474 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1474.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-1474 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1474",
         },
         {
            category: "external",
            summary: "Atos Unify Security Advisory Report - OBSO-2306-01 vom 2023-06-14",
            url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
         },
      ],
      source_lang: "en-US",
      title: "Unify OpenScape 4000: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-10-08T22:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:52:35.605+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-1474",
         initial_release_date: "2023-06-14T22:00:00.000+00:00",
         revision_history: [
            {
               date: "2023-06-14T22:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2023-10-08T22:00:00.000+00:00",
               number: "2",
               summary: "CVE ergänzt",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Assistant < V10 R1.42.1",
                        product: {
                           name: "Unify OpenScape 4000 Assistant < V10 R1.42.1",
                           product_id: "T028136",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:assistant__v10_r1.42.1",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Manager < V10 R1.42.1",
                        product: {
                           name: "Unify OpenScape 4000 Manager < V10 R1.42.1",
                           product_id: "T028137",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:manager__v10_r1.42.1",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Assistant < V10 R1.34.7",
                        product: {
                           name: "Unify OpenScape 4000 Assistant < V10 R1.34.7",
                           product_id: "T028138",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:assistant__v10_r1.34.7",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Manager < V10 R1.34.7",
                        product: {
                           name: "Unify OpenScape 4000 Manager < V10 R1.34.7",
                           product_id: "T028139",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:manager__v10_r1.34.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OpenScape 4000",
               },
            ],
            category: "vendor",
            name: "Unify",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-45351",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45351",
      },
      {
         cve: "CVE-2023-45350",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45350",
      },
      {
         cve: "CVE-2023-45349",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45349",
      },
   ],
}

wid-sec-w-2023-1474

Vulnerability from csaf_certbund

Published

2023-06-14 22:00

Modified

2023-10-08 22:00

Summary

Unify OpenScape 4000: Mehrere Schwachstellen

Notes

Produktbeschreibung

OpenScape 4000 ist eine konvergente Kommunikationslösung und bietet eine Prozess- und Workflow-Integration.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Unify OpenScape 4000 ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- BIOS/Firmware

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "OpenScape 4000 ist eine konvergente Kommunikationslösung und bietet eine Prozess- und Workflow-Integration.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Unify OpenScape 4000 ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- BIOS/Firmware",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-1474 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1474.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-1474 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1474",
         },
         {
            category: "external",
            summary: "Atos Unify Security Advisory Report - OBSO-2306-01 vom 2023-06-14",
            url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
         },
      ],
      source_lang: "en-US",
      title: "Unify OpenScape 4000: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-10-08T22:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:52:35.605+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-1474",
         initial_release_date: "2023-06-14T22:00:00.000+00:00",
         revision_history: [
            {
               date: "2023-06-14T22:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2023-10-08T22:00:00.000+00:00",
               number: "2",
               summary: "CVE ergänzt",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Assistant < V10 R1.42.1",
                        product: {
                           name: "Unify OpenScape 4000 Assistant < V10 R1.42.1",
                           product_id: "T028136",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:assistant__v10_r1.42.1",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Manager < V10 R1.42.1",
                        product: {
                           name: "Unify OpenScape 4000 Manager < V10 R1.42.1",
                           product_id: "T028137",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:manager__v10_r1.42.1",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Assistant < V10 R1.34.7",
                        product: {
                           name: "Unify OpenScape 4000 Assistant < V10 R1.34.7",
                           product_id: "T028138",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:assistant__v10_r1.34.7",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Unify OpenScape 4000 Manager < V10 R1.34.7",
                        product: {
                           name: "Unify OpenScape 4000 Manager < V10 R1.34.7",
                           product_id: "T028139",
                           product_identification_helper: {
                              cpe: "cpe:/h:unify:openscape_4000:manager__v10_r1.34.7",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "OpenScape 4000",
               },
            ],
            category: "vendor",
            name: "Unify",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-45351",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45351",
      },
      {
         cve: "CVE-2023-45350",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45350",
      },
      {
         cve: "CVE-2023-45349",
         notes: [
            {
               category: "description",
               text: "In Unify OpenScape 4000 existieren mehrere Schwachstellen. Die Fehler sind noch nicht im Detail beschrieben. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert erhöhte Rechte.",
            },
         ],
         release_date: "2023-06-14T22:00:00.000+00:00",
         title: "CVE-2023-45349",
      },
   ],
}

ghsa-wr2h-8phf-xf88

Vulnerability from github

Published

2023-10-09 06:30

Modified

2024-04-04 08:25

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2023-45351",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-77",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2023-10-09T04:15:53Z",
      severity: "HIGH",
   },
   details: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
   id: "GHSA-wr2h-8phf-xf88",
   modified: "2024-04-04T08:25:19Z",
   published: "2023-10-09T06:30:18Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45351",
      },
      {
         type: "WEB",
         url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
      },
      {
         type: "WEB",
         url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

fkie_cve-2023-45351

Vulnerability from fkie_nvd

Published

2023-10-09 04:15

Modified

2024-11-21 08:26

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://networks.unify.com/security/advisories/OBSO-2306-01.pdf	Vendor Advisory
cve@mitre.org	https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/	Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://networks.unify.com/security/advisories/OBSO-2306-01.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/	Press/Media Coverage

Impacted products

Vendor	Product	Version
atos	unify_openscape_4000_assistant	10
atos	unify_openscape_4000_assistant	10
atos	unify_openscape_4000_manager	10
atos	unify_openscape_4000_manager	10

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*",
                     matchCriteriaId: "663FE8C5-3827-4B6D-A598-247D071DB0C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*",
                     matchCriteriaId: "F1AE8D88-E490-4426-8259-04F65409A2F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
                     matchCriteriaId: "A81CFBD0-39E6-4CF2-80DA-1785A6625C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
                     matchCriteriaId: "EEB266EB-67B7-4007-A942-D64DB746BB2E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
      },
      {
         lang: "es",
         value: "Atos Unify OpenScape 4000 Assistant V10 R1 anterior a V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 anterior a V10 R1.42.1 y 4000 Manager V10 R0 permiten la inyección de comandos autenticados a través de AShbr. Esto también se conoce como OSFOURK-24039.",
      },
   ],
   id: "CVE-2023-45351",
   lastModified: "2024-11-21T08:26:47.237",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-09T04:15:53.947",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

gsd-2023-45351

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-45351

Aliases

CVE-2023-45351

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2023-45351",
      id: "GSD-2023-45351",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2023-45351",
         ],
         details: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
         id: "GSD-2023-45351",
         modified: "2023-12-13T01:20:38.214611Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2023-45351",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
                  refsource: "MISC",
                  url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
               },
               {
                  name: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
                  refsource: "MISC",
                  url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:atos:unify_openscape_4000_manager:10:r0:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:atos:unify_openscape_4000_assistant:10:r0:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2023-45351",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-77",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
                     refsource: "MISC",
                     tags: [
                        "Press/Media Coverage",
                     ],
                     url: "https://www.news.de/technik/856969401/unify-openscape-4000-gefaehrdet-it-sicherheitswarnung-vom-bsi-und-bug-report-bekannte-schwachstellen-und-sicherheitsluecken/1/",
                  },
                  {
                     name: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
                     refsource: "MISC",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://networks.unify.com/security/advisories/OBSO-2306-01.pdf",
                  },
               ],
            },
         },
         impact: {
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 2.8,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2023-10-12T18:36Z",
         publishedDate: "2023-10-09T04:15Z",
      },
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2023-45351

Vulnerability from cvelistv5

WID-SEC-W-2023-1474

Vulnerability from csaf_certbund

wid-sec-w-2023-1474

Vulnerability from csaf_certbund

ghsa-wr2h-8phf-xf88

Vulnerability from github

fkie_cve-2023-45351

Vulnerability from fkie_nvd

gsd-2023-45351

Vulnerability from gsd

Tags

Sightings

Nomenclature