CVE-2024-1696

In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*

History

18 Feb 2025, 13:43

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 -~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01 - Third Party Advisory, US Government Resource
CPE		cpe:2.3:a:santesoft:fft_imaging::::::::
First Time		Santesoft Santesoft fft Imaging

Information

Published : 2024-03-11 17:15

Updated : 2025-02-18 13:43

NVD link : CVE-2024-1696

Mitre link : CVE-2024-1696

CVE.ORG link : CVE-2024-1696

JSON object : View

Products Affected

santesoft

fft_imaging

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-1696", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-03-11T17:15:46.007", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.\n\n"}, {"lang": "es", "value": "En Santesoft Sante FFT Imaging versiones 1.4.1 y anteriores, una vez que un usuario abre un archivo DCM malicioso en las instalaciones de FFT Imaging afectadas, un atacante local podr\u00eda realizar una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2025-02-18T13:43:18.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A718BF3B-0247-49E7-B3D5-DDE14C75869A", "versionEndExcluding": "1.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}