CVE-2023-48166
Description
A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in the SOAP Server of Atos Unify OpenScape Voice V10 allows unauthenticated remote attackers to read arbitrary files.
Vulnerability
The SOAP Server integrated in Atos Unify OpenScape Voice V10 before version V10R3.26.1 is vulnerable to a directory traversal attack. An unauthenticated remote attacker can exploit this to read arbitrary files from the local file system. [1]
Exploitation
The attacker does not require authentication or user interaction. The vulnerability is reachable over the network (adjacent network, CVSS AV:A) via the SOAP interface. By crafting a malicious request with path traversal sequences (e.g., ../), the attacker can navigate outside the intended directory and retrieve sensitive files. [1]
Impact
Successful exploitation allows the attacker to read arbitrary files, potentially including configuration files, credentials, or other sensitive data. This could lead to full compromise of the underlying system. The CVSSv3 base score is 7.4 (High) with confidentiality impact High, integrity and availability None. [1]
Mitigation
The vendor released a fix in version V10R3.26.1. Users should update to this version or later. No workarounds are mentioned. The vulnerability was reported on 2 Nov 2023 and fixed on 19 Dec 2023. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Atos Unify/OpenScape Voice
- Range: V10 before V10R3.26.1
Patches
No patches discovered yet.