CVE-2023-48166
Last modified
CVE-2023-48166 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Unify | Openscape Voice | 10.0 |
References
- https://labs.integrity.pt/advisories/cve-2023-48166/Third Party Advisory
- https://labs.integrity.pt/advisories/cve-2023-48166/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-48166?
How severe is CVE-2023-48166?
How do I fix CVE-2023-48166?
Are you affected by CVE-2023-48166?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST