Relative Path Traversal Vulnerability in OFFIS DCMTK SCU: Remote Code Execution
CVE-2022-2120 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
Learn more about our User Device Pen Test.