CVE-2022-45473: n/a in n/a
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
AI Analysis
Technical Summary
CVE-2022-45473 is a medium-severity vulnerability identified in drachtio-server version 0.8.18. The issue arises from insecure file permissions set on the logging directory and log file: specifically, the /var/log/drachtio directory is assigned mode 0777, allowing read, write, and execute permissions for all users, and the drachtio.log file within it is set to mode 0666, permitting read and write access to all users. This misconfiguration lets any unauthorized user on the same system read, modify, truncate or delete the log, which enables log tampering and the removal of evidence. Since logs are critical for auditing and forensic analysis, their compromise can hinder incident response and conceal malicious activities. The CVSS 3.1 base score is 5.5 (medium), with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: the vulnerability requires local access with low privileges and no user interaction, and the scored impact is to confidentiality, since the world-readable log exposes its contents. The vector rates integrity and availability as not directly affected, although the world-writable permissions also permit the log manipulation described above. No known exploits in the wild have been reported, and no official patches or vendor information are provided. The vulnerability is specific to drachtio-server, an open-source SIP server framework used for building telephony applications, which may be deployed in telecommunication infrastructures or VoIP services.
Potential Impact
For European organizations utilizing drachtio-server 0.8.18, this vulnerability poses a risk primarily to the confidentiality and reliability of log data. Attackers with local access could read sensitive information contained in logs, such as call metadata or system activity, potentially exposing private communications or system details. Additionally, the ability to modify or delete logs undermines trust in audit trails, complicating detection of malicious activities or compliance with regulatory requirements such as GDPR, which mandates secure logging for data protection. Telecommunications providers, VoIP service operators, and enterprises relying on drachtio-server for SIP signaling could face increased risk of insider threats or lateral movement by attackers who gain limited system access. Although the vulnerability does not directly affect system availability or integrity, the indirect consequences of compromised logs can be significant, including delayed incident response and regulatory penalties. Given the local access requirement, the threat is more relevant in environments where multiple users have system access or where attackers can escalate privileges to gain local presence.
Mitigation Recommendations
To mitigate CVE-2022-45473, organizations should immediately review and correct file permissions for the /var/log/drachtio directory and drachtio.log file. Specifically, set the directory permissions to 0750 or 0755 depending on operational needs, restricting write access to only the drachtio-server process owner and trusted administrators. The log file should have permissions set to 0640 or 0644, preventing unauthorized write access. Implement strict user access controls and limit local system access to trusted personnel only. Employ file integrity monitoring tools to detect unauthorized changes to log files and directories. Additionally, consider running drachtio-server under a dedicated, least-privileged user account to minimize exposure. Regularly audit system permissions and logs to ensure compliance with security policies. If possible, upgrade to a later version of drachtio-server where this issue is addressed or apply vendor-provided patches once available. Network segmentation and host-based intrusion detection can further reduce the risk of unauthorized local access. Finally, maintain comprehensive incident response plans that account for potential log tampering scenarios.
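One way to audit a host for the permission conditions described in this record and apply the 0750/0640 layout the mitigation section recommends, as an added example that is not part of this record or of the drachtio project; the service account `drachtio` and the group `adm` in the usage line are assumed placeholders, and the paths default to the ones named in the CVE:

```shell
#!/bin/sh
# Audit and harden the drachtio log directory and file (added example, not drachtio project code).
# Assumptions: POSIX find/chmod/chown; owner/group names below are placeholders for the
# account the drachtio-server process runs as and the group of trusted administrators.

LOG_DIR="${LOG_DIR:-/var/log/drachtio}"
LOG_FILE="${LOG_FILE:-$LOG_DIR/drachtio.log}"

# world_writable PATH: succeeds when the "other" write bit (o+w) is set on PATH itself.
# -prune keeps find from descending into a directory, so only PATH is examined.
world_writable() {
    [ -e "$1" ] && [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# check_drachtio_perms DIR FILE: prints one finding per weak path and returns the
# number of findings (0 means neither condition from CVE-2022-45473 is present).
check_drachtio_perms() {
    dir=$1; file=$2; findings=0
    if world_writable "$dir"; then
        printf 'WEAK: %s is world-writable (CVE-2022-45473 directory condition)\n' "$dir"
        findings=$((findings + 1))
    fi
    if world_writable "$file"; then
        printf 'WEAK: %s is world-writable (CVE-2022-45473 log file condition)\n' "$file"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# harden_drachtio_perms DIR FILE [OWNER GROUP]: directory 0750, log file 0640, so only the
# service account can write and only its group can read. chown is skipped when no owner is given.
harden_drachtio_perms() {
    dir=$1; file=$2; owner=$3; group=$4
    if [ -n "$owner" ]; then
        chown "$owner:$group" "$dir" || return 1
        [ -e "$file" ] && { chown "$owner:$group" "$file" || return 1; }
    fi
    chmod 0750 "$dir" || return 1
    if [ -e "$file" ]; then
        chmod 0640 "$file" || return 1
    fi
}

# Typical use on a host (placeholders: service account "drachtio", admin group "adm"):
#   check_drachtio_perms "$LOG_DIR" "$LOG_FILE" || harden_drachtio_perms "$LOG_DIR" "$LOG_FILE" drachtio adm
```

The owner passed to the hardening step must be the account drachtio-server actually runs as, or the process will lose the ability to write its own log after the change.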
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-11-18T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbee056
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 7:01:38 AM
Last updated: 2/2/2026, 6:41:28 PM