CVE-2022-47526

Name of the Vulnerable Software and Affected Versions Fox-IT DataDiode (aka Fox DataDiode) version 3.4.3

Description The issue is a path traversal vulnerability that allows for arbitrary writing of files. A remote attacker could exploit this to achieve arbitrary code execution in the context of the downstream node user. This exploitation does not require any user interaction.

Recommendations For Fox-IT DataDiode (aka Fox DataDiode) version 3.4.3, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional security measures to prevent arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.