Mitel OpenScape 4000
cpe:2.3:a:atos:unify_openscape_4000:*:*:*:*:*:*:*
- >= V11 R0.22.0, <= V11 R0.22.1
- >= V10 R1.54.0, <= V10 R1.54.1
- <= V10 R1.42.6
A command injection vulnerability has been identified in the Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager. This vulnerability affects versions V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier. The issue arises from insufficient parameter sanitization, allowing an unauthenticated attacker to execute arbitrary commands at the same privilege level as the web access process.
Exploitation of this vulnerability could lead to unauthorized command execution, potentially allowing an attacker to manipulate the system or its data at the same privilege level as the web access process.
Users are advised to upgrade to OpenScape 4000 PLT Hotfix (System & Manager) V11 R0.22.2 or later, or to OpenScape 4000 PLT Hotfix (System & Manager) V10 R1.54.2 or V10 R1.42.7. For OpenScape 4000 Manager V10, enable the secure mode on the platform via the command line interface. After upgrading, additional precautions should be taken.
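For inventory triage, the affected ranges listed above can be checked mechanically. The following is an added example, not vendor code or part of the original advisory; it assumes versions are reported in the `V<n> R<x>.<y>.<z>` notation used on this page, and the host names in the sample inventory are constructed.

```python
import re

# Affected ranges exactly as listed on this page, inclusive on both ends.
# A lower bound of None means "this version and earlier".
AFFECTED_RANGES = [
    ((11, 0, 22, 0), (11, 0, 22, 1)),
    ((10, 1, 54, 0), (10, 1, 54, 1)),
    (None, (10, 1, 42, 6)),
]

# Assumption: versions are reported in the page's notation, e.g. "V11 R0.22.1".
_VERSION_RE = re.compile(r"V(\d+)\s+R(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)

def parse_version(text):
    """Turn 'V11 R0.22.1' into (11, 0, 22, 1); raise ValueError otherwise."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())

def classify(text):
    """Return 'affected', 'not-listed', or 'review' for unparseable input."""
    try:
        version = parse_version(text)
    except ValueError:
        return "review"  # fail closed: a human checks what we cannot parse
    for low, high in AFFECTED_RANGES:
        if (low is None or low <= version) and version <= high:
            return "affected"
    return "not-listed"

def triage(inventory):
    """Group hosts by classification; inventory maps host -> version string."""
    buckets = {"affected": [], "not-listed": [], "review": []}
    for host, version in sorted(inventory.items()):
        buckets[classify(version)].append(host)
    return buckets

if __name__ == "__main__":
    # Constructed inventory for illustration; host names are hypothetical.
    sample = {
        "pbx-a.example": "V11 R0.22.1",
        "pbx-b.example": "V11 R0.22.2",
        "pbx-c.example": "V10 R1.42.6",
        "mgr-a.example": "10.1.54",
    }
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A result of `not-listed` means only that the version falls outside the ranges given on this page; the secure mode step for OpenScape 4000 Manager V10 is a separate check.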