Platform
other
Component
sante-pacs-server
Opgelost in
3.3.4
CVE-2024-1863 is a critical SQL Injection vulnerability affecting Sante PACS Server versions 3.3.3–3.3.3. This flaw allows remote attackers to execute arbitrary code, potentially leading to complete system compromise. The vulnerability stems from improper input validation when processing the token parameter in HTTP requests on port 3000. A patch is available to address this issue.
The impact of CVE-2024-1863 is severe. Successful exploitation allows an attacker to inject malicious SQL code, which is then executed by the Sante PACS Server with NETWORK SERVICE privileges. This can lead to unauthorized access to sensitive patient data, modification of medical records, and even complete control over the server. Given the lack of authentication required, the attack surface is broad, and exploitation is relatively straightforward. The potential for data breaches and disruption of healthcare services is significant. This vulnerability shares characteristics with other SQL injection flaws where attackers can bypass authentication and gain elevated privileges.
CVE-2024-1863 was disclosed on April 1, 2024. It is currently tracked on the NVD. While no active exploitation campaigns have been publicly confirmed, the lack of authentication and the ease of exploitation make it a high-priority vulnerability. The EPSS score is likely to be assessed as high due to the critical CVSS score and the potential for widespread impact. Public proof-of-concept exploits are anticipated given the vulnerability's nature.
Healthcare organizations utilizing Sante PACS Server, particularly those with older versions (3.3.3–3.3.3), are at significant risk. Shared hosting environments where multiple PACS servers reside on the same infrastructure are also vulnerable, as a compromise of one server could potentially impact others. Systems with weak network segmentation are especially susceptible.
• windows / server: Monitor PowerShell for suspicious commands related to database access or SQL injection attempts. Use Windows Defender to scan for malicious scripts targeting the Sante PACS Server installation directory. • linux / server: Examine system logs (journalctl) for unusual database connection attempts or SQL errors. Use auditd to monitor access to the token endpoint (port 3000). • generic web: Use curl to test the token endpoint with various SQL injection payloads. Analyze access and error logs for suspicious requests.
curl -X POST -d 'token='; DROP TABLE users; -- http://<sante_pacs_server_ip>:3000/tokendisclosure
Exploit Status
EPSS
6.13% (91% percentiel)
CVSS-vector
The primary mitigation for CVE-2024-1863 is to upgrade Sante PACS Server to a patched version as soon as possible. If upgrading immediately is not feasible, consider implementing temporary workarounds. These may include restricting network access to the token endpoint (port 3000) to trusted sources only. Web Application Firewalls (WAFs) can be configured to detect and block SQL injection attempts targeting the token parameter. Thoroughly review and validate all user inputs within the application to prevent future injection vulnerabilities. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the token endpoint and verifying that it is properly sanitized.
Actualizar Sante PACS Server a una versión posterior a la 3.3.3 que corrija la vulnerabilidad de inyección SQL. Consultar el sitio web del proveedor para obtener la última versión y las instrucciones de actualización.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2024-1863 is a critical SQL Injection vulnerability in Sante PACS Server versions 3.3.3–3.3.3, allowing attackers to execute arbitrary code.
If you are running Sante PACS Server version 3.3.3–3.3.3, you are affected by this vulnerability and must upgrade immediately.
Upgrade to a patched version of Sante PACS Server. Until then, restrict network access and consider WAF rules.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's ease of exploitation makes it a high-priority risk.
Refer to the Sante PACS Server website and security advisories for the latest information and patch details.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.