CVE-2023-45352 in OpenScape Common Management Portal V10
Summary
by MITRE • 10/25/2023
Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592.
Analysis
by VulDB Data Team • 02/09/2026
CVE-2023-45352 is a critical path traversal flaw in Atos Unify OpenScape Common Management Portal V10, affecting releases before V10 R4.17.0 and V10 R5.1.0. The weakness is in the web interface component of the Common Management Portal and lets authenticated attackers escalate their privileges by executing arbitrary code on the underlying operating system. Specifically, attackers can write files outside the intended directories, bypassing the access controls and boundaries that should protect the application's file system.
The vulnerability is classified as CWE-22 (Path Traversal), a direct result of insufficient input validation and inadequate access control in the application's file handling routines. User-supplied input processed by the web interface is not properly sanitized, so malicious actors can manipulate file paths and gain unauthorized access to critical system resources. The issue is particularly concerning because it operates at the file system level, enabling attackers to modify or create arbitrary files with elevated privileges.
The operational impact is severe: the flaw gives attackers the ability to execute arbitrary code on the target system, potentially leading to complete system compromise. An authenticated attacker could use it to install malware, modify system configurations, access sensitive data, or establish persistent backdoors within the network infrastructure. The affected web interface typically serves as a central management point for telecommunications systems, which makes the potential impact even more significant for enterprise environments. The attack vector targets the portal's file handling capabilities, allowing write operations outside the intended directories through crafted path traversal sequences.
Mitigation for CVE-2023-45352 starts with immediate deployment of the vendor-provided patches and updates to versions V10 R4.17.0 and V10 R5.1.0 or later. Organizations should use network segmentation to limit access to the Common Management Portal to authorized personnel only, and enforce strict access control, including multi-factor authentication and role-based permissions. Regular security assessments should be conducted to identify similar vulnerabilities in other systems and applications, alongside monitoring for suspicious file access patterns and unauthorized system modifications. The vulnerability aligns with ATT&CK technique T1059.007 (Command and Scripting Interpreter), as it enables arbitrary code execution, and T1078 (Valid Accounts), since exploitation requires authentication credentials. Security teams should also consider web application firewalls and input validation controls to prevent similar path traversal attacks in other applications within their infrastructure.
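The input validation control mentioned above, applied to the CWE-22 write case, as an added example (not code from Atos Unify, MITRE or VulDB): a file-write helper that resolves the requested path and refuses any target outside its base directory. The function names, the "uploads" directory and the sample paths are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Requested write target falls outside the permitted base directory."""


def resolve_write_target(base_dir, user_path):
    """Map user_path to an absolute path strictly inside base_dir, or raise."""
    if "\x00" in user_path or "\\" in user_path:
        # Conservative choice for this example: refuse NUL bytes and backslashes.
        raise PathTraversalError("illegal character in path")
    if os.path.isabs(user_path):
        # Joining base with an absolute path would silently discard base.
        raise PathTraversalError("absolute path not allowed")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows existing symlinks, so the check
    # below is made on the location the write would really land in.
    candidate = (base / user_path).resolve()
    if base not in candidate.parents:
        raise PathTraversalError(f"{user_path!r} escapes {base}")
    return candidate


def safe_write(base_dir, user_path, data):
    """Write data (bytes) to user_path under base_dir; return the final path."""
    target = resolve_write_target(base_dir, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    # O_NOFOLLOW (where available) refuses a symlink as the final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o640), "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "uploads")
        base.mkdir()
        for name in ["reports/q3.csv", "../outside.txt", "a/../../b", "/tmp/x"]:
            try:
                print("ok     ", safe_write(base, name, b"demo"))
            except PathTraversalError as exc:
                print("blocked", exc)
```

The containment test runs on the resolved path rather than on the raw string, so encoded or nested ".." sequences and symlinked directories are judged by where the write would actually land.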