CVE-2024-52883
Published: 07 February 2025
Description
An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.
Security Summary
CVE-2024-52883 is a path traversal vulnerability (CWE-22) affecting AudioCodes One Voice Operations Center (OVOC) versions before 8.4.582. The flaw enables unauthenticated access to sensitive data through improper handling of file paths in requests. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact, network accessibility, low attack complexity, and no requirements for privileges or user interaction.
An unauthenticated attacker with network access to an affected OVOC instance can exploit this vulnerability by sending requests that contain directory traversal sequences, such as "../" patterns, to read arbitrary sensitive files on the server. Successful exploitation results in unauthorized disclosure of confidential information, potentially including configuration data, logs, or other proprietary files, without impacting integrity or availability.
Advisories provide further details on the issue, including SYSS-2024-075 available at https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-075.txt and the AudioCodes OVOC product page at https://www.audiocodes.com/solutions-products/products/management-products-solutions/one-voice-operations-center. The vulnerability was published on 2025-02-07, and upgrading to OVOC 8.4.582 or later addresses the path traversal flaw.
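For triage of instances that were exposed before the upgrade, the following added example (not code from the advisory or from AudioCodes) scans web access logs for requests whose target still contains a ".." path segment after percent-decoding, and singles out those answered with 200 and no logged user. It assumes the logs are in common/combined log format, for example from a reverse proxy in front of OVOC; the sample lines and the /app/... paths are constructed placeholders, not real OVOC endpoints.

```python
import re
from urllib.parse import unquote

# Assumption: common/combined log format, e.g. from a reverse proxy in front of OVOC.
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def has_traversal(target):
    """True if a path or query component is exactly '..' after decoding."""
    return ".." in re.split(r"[/?&=;]", normalise(target))

def scan(lines):
    """Return (client, user, status, raw_target) for each request carrying traversal."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and has_traversal(m.group(4)):
            client, user, _method, target, status = m.groups()
            hits.append((client, user, int(status), target))
    return hits

def unauthenticated_reads(hits):
    """Hits served successfully with no logged user: review these first."""
    return [h for h in hits if h[2] == 200 and h[1] == "-"]

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [07/Feb/2025:10:00:01 +0000] "GET /app/files/report.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Feb/2025:10:00:05 +0000] "GET /app/files/../../PLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.7 - - [07/Feb/2025:10:00:06 +0000] "GET /app/files/%252e%252e%252fPLACEHOLDER HTTP/1.1" 404 0',
    '192.0.2.10 - admin [07/Feb/2025:10:00:09 +0000] "GET /app/view?name=v1..2.txt HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, user, status, target in unauthenticated_reads(scan(SAMPLE)):
        print(f"{client} status={status} target={target}")
```

A 200 response to such a request indicates a file may have been disclosed, while 4xx responses show probing; the file name "v1..2.txt" is not flagged because ".." is matched only as a whole path segment.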
Details
- CWE(s)