CVE Vulnerabilities

CVE-2023-33466

Published: Jun 29, 2023 | Modified: Sep 12, 2023
CVSS 3.x: 8.8 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

Affected Software

Name     Vendor          Start Version  End Version
Orthanc  Orthanc-server  *              1.12.0 (excluding)
Orthanc  Ubuntu          bionic         *
Orthanc  Ubuntu          kinetic        *
Orthanc  Ubuntu          lunar          *
Orthanc  Ubuntu          mantic         *
Orthanc  Ubuntu          trusty         *
Orthanc  Ubuntu          xenial         *

References