CVE-2024-1696

In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-11 17:15

Updated : 2025-02-18 13:43

NVD link : CVE-2024-1696

Mitre link : CVE-2024-1696

CVE.ORG link : CVE-2024-1696

JSON object : View

Products Affected

santesoft

fft_imaging

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-1696", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-11T17:15:46.007", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.\n\n"}, {"lang": "es", "value": "En Santesoft Sante FFT Imaging versiones 1.4.1 y anteriores, una vez que un usuario abre un archivo DCM malicioso en las instalaciones de FFT Imaging afectadas, un atacante local podr\u00eda realizar una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2025-02-18T13:43:18.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A718BF3B-0247-49E7-B3D5-DDE14C75869A", "versionEndExcluding": "1.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}