9.8
CVSSv3

CVE-2022-2120

Published: 24/06/2022 Updated: 05/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

OFFIS DCMTK's (All versions before 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an malicious user to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

offis dcmtk

Vendor Advisories

Debian Bug report logs - #1014044 dcmtk: Multiple CVEs reported: CVE-2022-2119 CVE-2022-2120 CVE-2022-2121 Package: dcmtk; Maintainer for dcmtk is Debian Med Packaging Team <debian-med-packaging@listsaliothdebianorg>; Source for dcmtk is src:dcmtk (PTS, buildd, popcon) Reported by: Mathieu Malaterre <malat@debianorg&g ...

ICS Advisories

OFFIS DCMTK
Critical Infrastructure Sectors: Healthcare and Public Health