
Warning: Critical vulnerability in Atos Unify OpenScape products, Patch Immediately!

Reference: Advisory #2023-146
Version: 1.0
Affected software:
Atos Unify OpenScape SBC V10 V10R3.4.0.
Atos Unify OpenScape Branch V10 V10R3.4.0.
Atos Unify OpenScape BCF V10 V10R10.12.00.
Atos Unify OpenScape BCF V10 V10R11.05.02.
Type: Authentication bypass
CVE/CVSS: CVE-2023-6269: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://networks.unify.com/security/advisories/OBSO-2310-01.pdf

Risks

An unauthenticated attacker can execute arbitrary code on the affected systems or bypass the authentication of the web interface. This could compromise the confidentiality, integrity, and availability of the systems and the data they process.

Description

The vulnerability is located in the administrative web interface of the Atos Unify OpenScape products, which is used to configure and manage the systems.

The web interface does not properly validate user input, which may allow an attacker to bypass the web interface login without credentials and execute arbitrary code on the system. The vulnerability is very serious, and customers should apply the available patch as soon as possible.

This web interface is an attractive target because it may allow an attacker to access sensitive information, modify the system settings, disrupt the communication services, and use the system as a pivot point to other trusted systems.

Confidentiality: An attacker can access the system files and data, which may contain sensitive information, such as user credentials, configuration settings, call logs, voice recordings, etc. This may violate the privacy and security of the users and the organizations that use the products.

Integrity: An attacker can modify the system files and data, which may affect the functionality and performance of the products. This may cause errors, malfunctions, or misconfigurations that could compromise the quality and reliability of the communication services.

Availability: An attacker can delete the system files and data, which may render the products unusable or inaccessible. This may cause service disruptions, outages, or denial of service that could affect the availability and continuity of the communication services.

There is currently no evidence that this vulnerability has been actively exploited in the wild, but threat actors are likely to become aware of it and attempt to exploit it.

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends updating as soon as possible to one of these releases, where applicable:

  • Atos Unify OpenScape SBC V10 V10R3.4.0.
  • Atos Unify OpenScape Branch V10 V10R3.4.0.
  • Atos Unify OpenScape BCF V10 V10R10.12.00.
  • Atos Unify OpenScape BCF V10 V10R11.05.02.

Workaround and good security practices:

  • Disable ssh access for low-privileged accounts and unused accounts.
  • Don’t expose the web interface or the SSH interface to the Internet.
  • Allow only access from trusted IP addresses with a firewall to the web interface or the SSH interface.
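The last two workarounds amount to an allowlist on the management ports. The following added example (not code from CCB or Atos Unify) generates an nftables ruleset for a Linux host or perimeter firewall placed in front of the appliance, admitting the web interface and SSH only from trusted source networks and dropping everything else aimed at those ports. It assumes the management interfaces listen on TCP 443 and 22, and the CIDRs in the usage call are constructed placeholders; the allowlist is validated so that an entry such as 0.0.0.0/0 cannot silently re-expose the interface.

```python
"""Build an nftables allowlist for an appliance's management interfaces.

Added example, not code from CCB or Atos Unify. Assumptions: the web
interface is on TCP 443 and SSH on TCP 22, nftables runs on a host or
firewall in front of the appliance, and the CIDRs below are constructed.
"""
import ipaddress

# Assumption: default HTTPS and SSH ports; adjust to the real deployment.
MGMT_PORTS = (22, 443)


def validate_trusted(cidrs):
    """Parse the allowlist, rejecting entries that would match every
    address (0.0.0.0/0 or ::/0) and an empty list that would lock out
    all administrators."""
    nets = []
    for entry in cidrs:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            raise ValueError(f"{entry!r} matches every address; refusing to allowlist it")
        nets.append(net)
    if not nets:
        raise ValueError("empty allowlist: nobody could reach the management interface")
    return nets


def is_safe_allowlist(cidrs):
    """True when the allowlist parses and contains no catch-all network."""
    try:
        validate_trusted(cidrs)
    except ValueError:
        return False
    return True


def _set_block(name, addr_type, nets):
    # nftables named set with interval flag so prefixes are accepted.
    elems = ", ".join(n.with_prefixlen for n in nets)
    return [
        f"    set {name} {{",
        f"        type {addr_type}",
        "        flags interval",
        f"        elements = {{ {elems} }}",
        "    }",
    ]


def build_ruleset(trusted, ports=MGMT_PORTS):
    """Return nftables text: accept the management ports from trusted
    sources, drop them from everyone else, leave other traffic unchanged."""
    nets = validate_trusted(trusted)
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    port_set = "{ " + ", ".join(str(p) for p in sorted(set(ports))) + " }"
    lines = ["table inet mgmt_filter {"]
    if v4:
        lines += _set_block("trusted_v4", "ipv4_addr", v4)
    if v6:
        lines += _set_block("trusted_v6", "ipv6_addr", v6)
    lines += [
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        "        ct state established,related accept",
    ]
    if v4:
        lines.append(f"        tcp dport {port_set} ip saddr @trusted_v4 accept")
    if v6:
        lines.append(f"        tcp dport {port_set} ip6 saddr @trusted_v6 accept")
    # Anything else aimed at the management ports is dropped, so these ports
    # are allowlisted regardless of the chain's default policy.
    lines.append(f"        tcp dport {port_set} drop")
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed example allowlist: an admin VLAN, one jump host, an IPv6 site.
    print(build_ruleset(["10.20.30.0/24", "192.0.2.10", "2001:db8:1::/48"]))
```

The chain keeps `policy accept` on purpose: the ruleset only governs the two management ports, so it can be loaded with `nft -f` beside an existing policy without changing how other services are filtered. Pair it with the first workaround (removing SSH access for low-privileged and unused accounts) on the appliance itself, since the firewall rule limits where connections come from, not who can log in.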

References

https://networks.unify.com/security/advisories/OBSO-2310-01.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6269