CVE-2022-46959

Name of the Vulnerable Software and Affected Versions Sonic version 1.0.4

Description The issue allows attackers to execute a directory traversal in the component /admin/backups/work-dir. This enables attackers to access files or directories outside the intended directory structure.

Recommendations For Sonic version 1.0.4, consider restricting access to the /admin/backups/work-dir component until a patch is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.