Santesoft Release Security Update to Address Vulnerability in Sante DICOM Viewer Pro

CVE-2024-1453 could allow the disclosure of confidential information or arbitrary code execution on affected devices


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Santesoft has reported a vulnerability in their DICOM Viewer Pro product that could allow an attacker with network access to disclose confidential information or execute arbitrary code. The vulnerability has been assigned CVE-2024-1453 and is assessed to have a CVSSv3 score of 7.8.


Vulnerability details

  • CVE-2023-5059 - CWE-125 - Out-of-bounds Read

In Sante DICOM Viewer Pro versions 14.0.3 and prior, exploitation requires a user to open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.


Remediation advice

Affected organisations are encouraged to review CISA advisory ICSMA-24-058-01 and apply the relevant update.



Last edited: 28 February 2024 4:10 pm