Sante FFT Imaging Vulnerability Allows Arbitrary Code Execution
CVE-2024-1696
7.8 HIGH
What is CVE-2024-1696?
An out-of-bounds write vulnerability exists in Santesoft's Sante FFT Imaging software, versions 1.4.1 and earlier. When a user interacts with a specially crafted DCM file, a local attacker may exploit the out-of-bounds write, potentially leading to arbitrary code execution. This risk underscores the importance of maintaining software security and implementing effective measures to mitigate such vulnerabilities.
Affected Version(s)
Sante FFT Imaging: versions 0 through 1.4.1 (<= 1.4.1)
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Heinzl reported this vulnerability to CISA.