CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.stryker.com/us/en/about/governance/cyber-security/product-security/	Not Applicable
https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vocera:report_server::::::::
	cpe:2.3:a:vocera:voice_server::::::::

History

08 Aug 2023, 13:15

Type	Values Removed	Values Added
References		(MISC) https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html -

01 Aug 2023, 01:30

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CPE		cpe:2.3:a:vocera:voice_server:::::::: cpe:2.3:a:vocera:report_server::::::::
CWE		CWE-22
References	~~(MISC) https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ -~~	(MISC) https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ - Not Applicable

25 Jul 2023, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-25 20:15

Updated : 2024-10-29 14:35

NVD link : CVE-2022-46900

Mitre link : CVE-2022-46900

CVE.ORG link : CVE-2022-46900

JSON object : View

Products Affected

vocera

report_server
voice_server

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-46900", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2023-07-25T20:15:13.087", "references": [{"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters."}], "lastModified": "2024-10-29T14:35:14.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61B697DE-2326-4850-B92B-363CA5CEA015", "versionEndIncluding": "5.8.0.135", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C24A19CF-9202-43AE-A82C-EF80E4BABAFD", "versionEndIncluding": "5.8.0.135", "versionStartIncluding": "5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}