CVE-2022-46902
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 25, 2023
Updated: Aug 4, 2023
CWE ID 22
Summary
CVE-2022-46902 is a path traversal vulnerability affecting Vocera Report Server and Voice Server 5.x through 5.8. The issue lies in the Vocera Report Console's WebSocket function that restores the database from a ZIP archive. During the unzip operation, the code accepts file paths from the archive but fails to validate them effectively, so an archive entry can carry a directory traversal payload. As a result, the unzip operation can be made to write outside its intended destination.
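The missing check described in the summary, as an added example: this is not Vocera's code, and the function names (is_within, safe_extract, demo) and the in-memory archive are constructed for illustration. Each entry name is resolved against the destination directory and rejected if the result falls outside it.

```python
import io
import os
import tempfile
import zipfile


def is_within(dest_root, member_name):
    """True if member_name, joined to dest_root, stays inside dest_root."""
    root = os.path.realpath(dest_root)
    # Treat backslashes as separators too: archives built on Windows may use them.
    target = os.path.realpath(os.path.join(root, member_name.replace("\\", "/")))
    return os.path.commonpath([root, target]) == root


def safe_extract(archive, dest_root):
    """Extract only entries that resolve under dest_root; return (extracted, rejected)."""
    root = os.path.realpath(dest_root)
    extracted, rejected = [], []
    for info in archive.infolist():
        if not is_within(root, info.filename):
            rejected.append(info.filename)  # a restore routine would normally abort here
            continue
        target = os.path.join(root, info.filename.replace("\\", "/"))
        if info.is_dir():
            os.makedirs(target, exist_ok=True)
        else:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with archive.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
        extracted.append(info.filename)
    return extracted, rejected


def demo():
    """Run safe_extract over a constructed archive; report whether anything escaped."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # constructed sample entries
        zf.writestr("backup/report.sql", "-- constructed sample")
        zf.writestr("../outside.txt", "constructed sample")
        zf.writestr("backup/../../outside2.txt", "constructed sample")
    buf.seek(0)
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "restore")
        os.makedirs(dest)
        with zipfile.ZipFile(buf) as zf:
            extracted, rejected = safe_extract(zf, dest)
        escaped = os.path.exists(os.path.join(tmp, "outside.txt"))
    return extracted, rejected, escaped
```

Absolute entry names are rejected by the same check, because joining an absolute path to the destination discards the destination prefix.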