Arbitrary Code Execution via Path Traversal in Fox-IT DataDiode 3.4.3

CVE-2022-47526 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 is affected by a path traversal vulnerability that results in arbitrary file writes. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction.