File Overwriting Vulnerability in Orthanc by Ifc0
CVE-2023-33466

8.8HIGH

Key Information:

Vendor: Orthanc-server
Status: Orthanc
Vendor: CVE Published:; 29 June 2023

🔔 Create Orthanc-server Vulnerability Alert

What is CVE-2023-33466?

A flaw in Orthanc versions prior to 1.12.0 enables authenticated users with access to the Orthanc API to overwrite arbitrary files on the system. In certain configurations, this vulnerability can lead to the overwriting of critical configuration files, potentially enabling attackers to execute remote code, hence compromising the integrity and security of the affected deployments.

References

https://discourse.orthanc-server.org/t/security-advisory-...

https://www.debian.org/security/2023/dsa-5473

vendor-advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

mailing-list

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
May 22, 2023