Lucene search

[email protected]NVD:CVE-2022-46900

HistoryJul 25, 2023 - 8:15 p.m.

CVE-2022-46900

2023-07-2520:15:13

CWE-22

[email protected]

web.nvd.nist.gov

vocera report server

voice server

path traversal

task exec

vocera report console

authenticated user

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

28.0%

JSON

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.

Affected configurations

Nvd

Node

vocerareport_serverRange5.0.0–5.8.0.135

voceravoice_serverRange5.0.0–5.8.0.135

VendorProductVersionCPE
vocerareport_server*cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*
voceravoice_server*cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vocera	report_server	*	cpe:2.3:a:vocera:report_server::::::::
vocera	voice_server	*	cpe:2.3:a:vocera:voice_server::::::::

References

www.stryker.com/us/en/about/governance/cyber-security/product-security/

www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

28.0%

JSON

Related for NVD:CVE-2022-46900

prion1 cve1 cvelist1