CVE-2022-24629
Published: 29 May 2023
Summary
CVE-2022-24629 is a critical-severity Path Traversal (CWE-22) vulnerability in AudioCodes Device Manager Express. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 2.9% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
AudioCodes Device Manager Express through version 7.8.20002.47752 is affected by a path traversal vulnerability tracked as CVE-2022-24629 and assigned CWE-22. The flaw resides in the dir parameter of the file upload functionality in BrowseFiles.php, which fails to properly sanitize input and permits an attacker to write a PHP file into the WebAdmin/admin/AudioCodes_files/ajax/ directory.
An unauthenticated remote attacker can exploit the issue over the network without user interaction by supplying a crafted directory traversal sequence in the dir parameter during file upload. Because the uploaded .php file lands in a web-served directory of the admin interface, successful exploitation yields arbitrary code execution on the server with the web server's privileges, resulting in complete loss of confidentiality, integrity, and availability as reflected in the CVSS 9.8 base score.
Public references point to Full Disclosure postings from February 2023 that describe the vulnerability; no vendor patch or mitigation guidance is detailed in the available references, so operators should confirm with AudioCodes whether a build later than 7.8.20002.47752 addresses the issue and, until then, restrict network access to the Device Manager Express web interface. EPSS estimates the probability that a CVE is exploited in the wild within the next 30 days; the score for this CVE peaked at 0.4873 and currently stands at 0.4023, so exploitation attempts remain likely well after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29505
Vulnerability details
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
AudioCodes Device Manager Express through version 7.8.20002.47752
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories (CWE-22): canonicalise the requested directory before use and reject any result that does not lie under the upload root. For this CVE, also refuse executable extensions such as .php in the upload handler, since the reported impact depends on a script being written into a web-served directory.
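The control above, shown as an added example in PHP (the language of the affected component). This is not AudioCodes' code and does not reproduce BrowseFiles.php; the upload root, the directory names and the extension allowlist are hypothetical, and the vulnerable function is included only to contrast the unchecked concatenation pattern with a canonicalising check.

```php
<?php
// Added example, not the vendor's code. Demonstrates the CWE-22 check for an
// upload handler that takes a "dir" parameter and a filename.
declare(strict_types=1);

// Hypothetical allowlist for a device-file upload endpoint: no script extensions.
const ALLOWED_EXT = ['wav', 'mp3', 'txt', 'cfg'];

// Vulnerable pattern (for contrast only): the attacker-controlled $dir is
// concatenated straight into the destination, so "../admin/ajax" leaves $root.
function vulnerable_target(string $root, string $dir, string $name): string
{
    return $root . '/' . $dir . '/' . $name;
}

// Hardened resolver. Returns the absolute destination, or null to reject.
//  1. the filename must be a bare name: no separators, no "." / "..", no NUL;
//  2. the extension must be allowlisted, so a .php payload is refused even if
//     the directory check were somehow bypassed;
//  3. the requested directory must already exist and, after realpath()
//     canonicalisation (which resolves "../" and symlinks), lie under $root.
//     The comparison appends a separator so "/srv/uploads-evil" is not accepted
//     as a prefix match for "/srv/uploads".
function safe_target(string $root, string $dir, string $name): ?string
{
    if ($name === '' || $name === '.' || $name === '..' || strpbrk($name, "/\\\0") !== false) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    if (strpos($dir, "\0") !== false) {
        return null;
    }
    $realRoot = realpath($root);
    $realDir  = realpath($root . '/' . $dir);
    if ($realRoot === false || $realDir === false) {
        return null;                         // root or target directory does not exist
    }
    $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($realDir !== $realRoot && strncmp($realDir . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;                         // canonical path escaped the upload root
    }
    return $realDir . DIRECTORY_SEPARATOR . $name;
}

// Self-check against a constructed temporary tree (not from the advisory):
//   <tmp>/uploads/voice   legitimate destination
//   <tmp>/admin/ajax      a web-served directory outside the upload root
$tmp  = sys_get_temp_dir() . '/cwe22_demo_' . getmypid();
$root = "$tmp/uploads";
mkdir("$root/voice", 0700, true);
mkdir("$tmp/admin/ajax", 0700, true);

$cases = [
    ['voice',         'greeting.wav'],              // allowed
    ['../admin/ajax', 'shell.php'],                 // traversal in dir + script upload
    ['voice',         '../../admin/ajax/shell.php'],// traversal via filename
    ['voice',         'shell.php'],                 // script extension alone
    ['voice/..',      'greeting.wav'],              // resolves back to root: allowed
];
foreach ($cases as [$dir, $name]) {
    $v = vulnerable_target($root, $dir, $name);
    $s = safe_target($root, $dir, $name);
    printf("%-32s vulnerable -> %s\n%-32s hardened   -> %s\n",
        "$dir/$name", $v, '', $s ?? 'REJECTED');
}

// Clean up the constructed tree.
foreach (["$tmp/admin/ajax", "$tmp/admin", "$root/voice", $root, $tmp] as $d) {
    rmdir($d);
}
```

The two checks are deliberately independent: the directory check alone would still let a .php file be written somewhere under the upload root, and the extension check alone would still let a benign-looking file be written outside it. Rejecting the request when realpath() returns false also closes the common bypass of pointing dir at a not-yet-existing path, which cannot be canonicalised.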