Relative Path Traversal Vulnerability in OFFIS DCMTK SCU: Remote Code Execution

CVE-2022-2120 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The service class user (SCU) in OFFIS DCMTK (all versions prior to 3.6.7) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under attacker-controlled names. This could allow remote code execution.
