Vulnerability Details CVE-2022-24629
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.487
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2022-24629
-
cpe:2.3:a:audiocodes:device_manager_express:*