CVE-2023-48166 - Path Traversal vulnerability in Atos Unify OpenScape Voice

1. Vulnerability Properties

Title: Path Traversal vulnerability in Atos Unify OpenScape Voice
CVE ID: CVE-2023-48166
CVSSv3 Base Score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Vendor: Unify
Products: OpenScape Voice
Advisory Release Date: 12-01-2024
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-48166
Credits: Discovery by João Libório <joao.liborio[at]devoteam.com>

2. Vulnerability Summary

The SOAP Server integrated in Atos Unify OpenScape Voice is vulnerable to a path traversal that can be used to view the contents of arbitrary files in the local file system. This can allow an unauthenticated attacker to obtain information from sensitive files and compromise the underlying system.

3. Vulnerable Versions

  • OpenScape Voice V10 before V10R3.26.1

4. Solution

  • Update to version V10R3.26.1 or later

5. Vulnerability Timeline

  • 2/Nov/23  - Bug reported to Unify
  • 19/Dec/23 - Bug verified and fixed by vendor
  • 12/Jan/24 - Advisory released

6. References

  • https://networks.unify.com/security/advisories/OBSO-2401-01.pdf
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48166

