What is CVE-2022-2120?

CVE-2022-2120 is a high-severity vulnerability in Offis Dcmtk, classified under Relative Path Traversal. CVSS score: 7.5/10. Published 2022-06-24.

How severe is CVE-2022-2120?

High severity. CVSS v3 base score is 7.5 out of 10.

Path Traversal in Offis Dcmtk

CVE-2022-2120

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execut…

EPSS: 0.057 (90.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Offis Dcmtk — versions unspecified

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

www.cisa.gov/uscert/ics/advisories/icsma-22-174-01 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2120?: CVE-2022-2120 is a high-severity vulnerability in Offis Dcmtk, classified under Relative Path Traversal. CVSS score: 7.5/10. Published 2022-06-24.
How severe is CVE-2022-2120?: High severity. CVSS v3 base score is 7.5 out of 10.