PT-2023-15099 · Vocera · Vocera Voice Server (and 2 other products)

Published

2023-07-25

·

Updated

2023-08-01

·

CVE-2022-46898

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Vocera Report Server and Voice Server versions 5.x through 5.8

Description

A path traversal issue exists in the filename supplied to the "restore SQL data" functionality. The Vocera Report Console exposes a WebSocket function that restores the database from a ZIP archive containing a SQL import file. The filename is not sanitized, so a path-traversal payload in it can escape the intended Vocera restoration directory. An attacker could use this to point the restore operation at a crafted ZIP archive containing SQL commands, which would then be executed against the database.

Recommendations

For Vocera Report Server and Voice Server versions 5.x through 5.8, consider disabling the WebSocket function behind the "restore SQL data" feature until a patch is available. Restrict access to the database restoration functionality to the smallest set of hosts and users that need it. In the affected functionality, do not use client-supplied filenames without sanitization: accept only a plain file name and verify that the resolved path stays inside the restoration directory.
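The flaw described above, as an added example that is not Vocera's code and is not derived from the product: a Python sketch of the restore-path construction the advisory describes, beside a hardened version that applies the recommendation. RESTORE_DIR, the function names and the sample file names are assumptions for illustration; the real restoration directory and the WebSocket message format are not given in the advisory.

```python
"""Added example, not Vocera code: how an unsanitised restore file name
escapes its directory, and a check that confines it.  RESTORE_DIR and all
names below are assumptions for illustration."""
import posixpath

# Assumed restoration directory (the real Vocera path is not in the advisory).
RESTORE_DIR = "/opt/vocera/restore"


def vulnerable_restore_path(filename: str) -> str:
    """The pattern the advisory describes: the client-supplied name is joined
    onto the restore directory with no validation, so '..' segments, or an
    absolute name, select an arbitrary archive on the server."""
    return posixpath.normpath(posixpath.join(RESTORE_DIR, filename))


def escapes_restore_dir(path: str) -> bool:
    """True when a normalised absolute path is not inside RESTORE_DIR.
    commonpath compares whole components, so '/opt/vocera/restore2/x'
    is correctly reported as outside."""
    return posixpath.commonpath([RESTORE_DIR, path]) != RESTORE_DIR


def is_valid_restore_name(filename: str) -> bool:
    """Allowlist check: exactly one path component, ending in .zip, with no
    separators (either kind), NUL bytes or dot-directory names.  Run this on
    the decoded name, after any URL or JSON decoding the transport applies."""
    if not filename or "\x00" in filename:
        return False
    if "/" in filename or "\\" in filename:
        return False
    if filename in (".", "..") or not filename.lower().endswith(".zip"):
        return False
    return True


def safe_restore_path(filename: str) -> str:
    """Hardened form: allowlist the name, then confirm the joined path is
    still under RESTORE_DIR as a second, independent check."""
    if not is_valid_restore_name(filename):
        raise ValueError(f"rejected restore file name: {filename!r}")
    candidate = posixpath.normpath(posixpath.join(RESTORE_DIR, filename))
    if escapes_restore_dir(candidate):
        raise ValueError(f"resolved path leaves the restore directory: {candidate}")
    return candidate


if __name__ == "__main__":
    # Constructed sample names: one legitimate, two traversal payloads.
    for name in ("backup.zip", "../../../tmp/evil.zip", "/tmp/evil.zip"):
        resolved = vulnerable_restore_path(name)
        print(f"{name!r:28} -> {resolved:32} escapes={escapes_restore_dir(resolved)}")
        try:
            print("  hardened accepts:", safe_restore_path(name))
        except ValueError as exc:
            print("  hardened rejects:", exc)
```

The allowlist is the primary control; the containment check after joining is there so that a future change to the allowlist (or a decoding step that runs after it) does not silently reopen the hole. Both separators are rejected explicitly because a server running on Windows treats a backslash as a separator even though posixpath does not.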

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2022-46898

Affected Products

Vocera Report Console
Vocera Report Server
Vocera Voice Server