CVE-2023-7216: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat Enterprise Linux 6
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
AI Analysis
Technical Summary
CVE-2023-7216 is a path traversal flaw in the cpio archiver as shipped in Red Hat Enterprise Linux 6. In copy-in (extraction) mode cpio creates entries in the order they appear in the archive, so an archive can first deliver a symbolic link whose target lies outside the extraction directory and then a regular file whose path passes through that link. Because cpio follows the link it has just created instead of refusing to write through it, the file lands wherever the link points. Exploitation requires a victim to extract an attacker-supplied archive: the attacker delivers the archive remotely, but the dangerous write happens on the victim's host under the victim's account, which is why the CVSS 3.1 vector is local with user interaction and no privileges required (AV:L/AC:L/PR:N/UI:R). The write is bounded by the permissions of the extracting user, and the vector rates confidentiality, integrity and availability impact as low (C:L/I:L/A:L), giving a base score of 5.3 (medium). That rating should not be read as harmless: an arbitrary file write into the extracting user's home directory (shell start-up files, cron or SSH configuration) is usually enough to turn the flaw into code execution, and extraction as root reaches system files. No public exploit or in-the-wild exploitation had been reported at the time of writing. RHEL 6 is long past its maintenance phase yet still runs in some environments because of legacy application dependencies, so the issue remains relevant wherever untrusted archives are unpacked on such hosts.
Potential Impact
For European organizations, especially those in sectors such as government, finance, healthcare, and critical infrastructure that may still operate legacy Red Hat Enterprise Linux 6 systems, this vulnerability poses a moderate risk. Exploitation yields an arbitrary file write with the privileges of whoever runs cpio: as an ordinary user that can overwrite that user's configuration files or plant code that runs at the next login; as root, or inside build, packaging and backup pipelines that unpack externally supplied cpio archives automatically, it can alter system files, implant malicious code, or disrupt services. This can result in data breaches, system instability, or denial of service. Because exploitation requires someone to extract the archive, the risk is somewhat reduced, but it remains significant where users or automated jobs routinely handle archives from untrusted sources. Organizations relying on legacy systems with limited patching options are particularly exposed. A compromise of confidentiality, integrity, or availability could affect compliance with European data protection regulations such as GDPR if sensitive data is exposed or systems are disrupted.
Mitigation Recommendations
1. Apply Red Hat's fix for cpio where one is available. RHEL 6 is past its maintenance phase, so check whether your subscription (for example Extended Life-cycle Support) actually delivers an erratum for this CVE, and treat hosts that cannot receive one as permanently vulnerable. 2. Until a fix is deployed, do not extract archives from untrusted or unknown sources on RHEL 6 systems. When you must, list the contents first (cpio -itv < archive.cpio) and refuse any archive containing absolute paths, ".." components, or symlink entries (an "l" in the mode column) whose target points outside the extraction directory. 3. Extract as an unprivileged user into a freshly created, empty directory, never as root and never into a directory that already contains symlinks. Note that --no-absolute-filenames only strips leading slashes from entry names; it addresses the older absolute-path variant of traversal, not the symlink case described here. 4. Train users not to open archives of unknown origin, since the flaw cannot be triggered without someone extracting the file. 5. Use sandboxed or containerized environments for archive extraction so that a write through a symlink cannot reach the host filesystem. 6. Employ file integrity monitoring to detect unauthorized changes to critical system files and to user start-up, cron and SSH configuration. 7. Upgrade from RHEL 6 to a supported version of Red Hat Enterprise Linux, which receives the cpio fix and ongoing security support. 8. Monitor system logs (for example with auditd) for file creations by cpio outside the directories where extraction is expected.
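The technical summary above describes the mechanism (a symlink entry followed by a file entry that is written through it) and item 2 of the mitigations recommends inspecting an archive before extracting it. The following script is an added example that does both: it parses the SVR4 "newc" cpio format, walks entries in archive order while tracking the symlinks the archive would create, and reports any entry that would land outside the chosen extraction directory. It is not code from the page, from Red Hat, or from GNU cpio, and it works purely on the entry names and link targets without touching the filesystem. The extraction root /home/victim/extract and the two sample archives are constructed for illustration; the builder exists only to produce that sample input.

```python
"""Pre-extraction audit of a GNU cpio archive in the SVR4 "newc" format.

Walks the entries in archive order, tracks every symbolic link the archive
would create, and reports entries that would be written outside the chosen
extraction directory, including writes that pass through an earlier symlink.
Pure string logic: nothing here touches the filesystem.
"""
import posixpath
import stat

NEWC_MAGIC = b"070701"
HEADER_LEN = 110          # 6-byte magic + 13 eight-character hex fields
TRAILER = "TRAILER!!!"


def _pad4(n):
    """Bytes needed to round n up to a multiple of four (newc alignment)."""
    return (4 - n % 4) % 4


def build_newc(entries):
    """Serialise (name, mode, data) triples into a newc archive.

    Only used to construct sample input for this example; inode numbers,
    owners and timestamps are made up.
    """
    out = bytearray()
    for ino, (name, mode, data) in enumerate(entries + [(TRAILER, 0, b"")], 1):
        namesize = len(name) + 1                      # terminating NUL included
        fields = (ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, namesize, 0)
        out += NEWC_MAGIC + b"".join(b"%08x" % f for f in fields)
        out += name.encode() + b"\0" + b"\0" * _pad4(HEADER_LEN + namesize)
        out += data + b"\0" * _pad4(len(data))
    return bytes(out)


def iter_newc(archive):
    """Yield (name, mode, data) for each entry up to the trailer."""
    pos = 0
    while pos + HEADER_LEN <= len(archive):
        hdr = archive[pos:pos + HEADER_LEN]
        if hdr[:6] != NEWC_MAGIC:
            raise ValueError("not a newc header at offset %d" % pos)
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name_start = pos + HEADER_LEN
        name = archive[name_start:name_start + namesize - 1].decode()
        data_start = name_start + namesize + _pad4(HEADER_LEN + namesize)
        data = archive[data_start:data_start + filesize]
        pos = data_start + filesize + _pad4(filesize)
        if name == TRAILER:
            return
        yield name, mode, data
    raise ValueError("archive ended without a trailer")


def _inside(path, root):
    return path == root or path.startswith(root + "/")


def _resolve(name, root, symlinks):
    """Absolute path that `name` lands on once earlier symlinks are honoured."""
    cur = root
    parts = name.split("/")
    for i, part in enumerate(parts):
        prefix = "/".join(parts[:i + 1])
        if prefix in symlinks:                 # this component is a link the archive created
            cur = symlinks[prefix]
        else:
            cur = posixpath.normpath(posixpath.join(cur, part))
    return cur


def audit(archive, root="/home/victim/extract"):
    """Return [(entry name, reason)] for entries that would escape `root`."""
    findings = []
    symlinks = {}                              # archive name -> absolute link target
    for name, mode, data in iter_newc(archive):
        if posixpath.isabs(name) or ".." in name.split("/"):
            findings.append((name, "absolute path or '..' component"))
            continue
        resolved = _resolve(name, root, symlinks)
        if stat.S_ISLNK(mode):
            # Symlink target is stored as the entry's data; resolve it relative
            # to the directory the link itself ends up in.
            target = posixpath.normpath(
                posixpath.join(posixpath.dirname(resolved), data.decode()))
            symlinks[name] = target
            if not _inside(target, root):
                findings.append((name, "symlink target %s escapes %s" % (target, root)))
        elif not _inside(resolved, root):
            findings.append((name, "writes to %s, outside %s" % (resolved, root)))
    return findings


# Constructed sample archives (not taken from any real exploit):
# a link pointing out of the tree followed by a file written through it ...
MALICIOUS = build_newc([
    ("out", stat.S_IFLNK | 0o777, b"/tmp/elsewhere"),
    ("out/dropped.txt", stat.S_IFREG | 0o644, b"written outside the tree\n"),
])
# ... and a harmless archive whose symlink stays inside the tree.
BENIGN = build_newc([
    ("usr/lib/libfoo.so", stat.S_IFREG | 0o755, b"\x7fELF"),
    ("lib", stat.S_IFLNK | 0o777, b"usr/lib"),
    ("lib/libbar.so", stat.S_IFREG | 0o755, b"\x7fELF"),
])

if __name__ == "__main__":
    for label, arc in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(label, audit(arc) or "clean")
```

Run against a real archive with `audit(open("archive.cpio", "rb").read(), "/path/you/will/extract/into")` before calling cpio; an empty result means every entry, including those routed through symlinks the archive itself creates, stays under the chosen root. The check is deliberately order-aware because that is exactly what a vulnerable cpio is not: it honours the link created a moment earlier. The script does not account for symlinks that already exist on disk in the target directory, which is why the mitigations insist on extracting into a fresh, empty directory.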
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2024-01-05T14:21:24.756Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68e901b8fd0dca528e8b9a73
Added to database: 10/10/2025, 12:53:12 PM
Last enriched: 10/10/2025, 1:06:53 PM
Last updated: 10/10/2025, 4:16:09 PM