Vulnerability Description
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fox-It | Fox Datadiode Firmware | 3.4.3 |
| Fox-It | Fox Datadiode | - |
Related Weaknesses (CWE)
References
- https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode/Product
- https://www.fox-it.com/nl-en/software-vulnerability-report/Product
- https://www.fox-it.com/nl-en/fox-crypto/fox-datadiode/Product
- https://www.fox-it.com/nl-en/software-vulnerability-report/Product
FAQ
What is CVE-2022-47526?
CVE-2022-47526 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitra...
How severe is CVE-2022-47526?
CVE-2022-47526 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-47526?
Check the references section above for vendor advisories and patch information. Affected products include: Fox-It Fox Datadiode Firmware, Fox-It Fox Datadiode.