NovaRad NovaPACS Diagnostics Viewer XML External Entity Injection Vulnerability Allowing File Disclosure
Vulnerability
An unauthenticated XML External Entity (XXE) injection vulnerability has been identified in NovaRad NovaPACS Diagnostics Viewer version 8.5.19.75. The vulnerability resides within the XML preference import settings, where an attacker can exploit the application with a crafted malicious XML file that includes DTD parameter entities. Exploitation could lead to the retrieval of arbitrary system files through an out-of-band channel.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive system files, potentially leading to further exploitation or information disclosure.
Reproduction
The vulnerability can be reproduced by importing a specially crafted XML file into the application's preference settings. The crafted XML file must include DTD parameter entities that reference sensitive files on the system. Once the file is imported, the application will retrieve the specified files and send them to an out-of-band server controlled by the attacker.
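A pre-import gate a defender could place in front of the preference import, as an added example that is not NovaRad's code or part of the original advisory: it rejects any preference file that carries a DOCTYPE, which is where DTD parameter entities are declared. It assumes legitimate preference exports need no DTD; the function name, element names and URL are placeholders.

```python
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when a preference file carries a DOCTYPE declaration."""


def check_preference_xml(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a preference file about to be imported.

    Assumption: legitimate preference exports need no DTD, so any DOCTYPE is
    rejected before the file reaches the application's own parser.
    """
    parser = expat.ParserCreate()  # expat detects UTF-8/UTF-16 from the bytes

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Raise on the declaration itself. expat performs no I/O of its own,
        # so no external entity is fetched while this check runs.
        detail = f"DOCTYPE '{name}'"
        if system_id:
            detail += f" with external subset {system_id!r}"
        if has_internal_subset:
            detail += " with internal subset (entity declarations possible)"
        raise DTDForbidden(detail)

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except DTDForbidden as exc:
        return False, f"rejected: {exc}"
    except expat.ExpatError as exc:
        return False, f"rejected: not well-formed XML ({exc})"
    return True, "accepted: no DTD present"


# Constructed samples; element names and the URL are placeholders.
CLEAN = b'<?xml version="1.0"?><preferences><layout columns="2"/></preferences>'
WITH_DTD = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE preferences [<!ENTITY % ext SYSTEM "http://example.invalid/p.dtd"> %ext;]>'
    '<preferences/>'
)

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN),
                        ("dtd/utf-8", WITH_DTD.encode("utf-8")),
                        ("dtd/utf-16", WITH_DTD.encode("utf-16"))]:
        print(label, check_preference_xml(blob))
```

Parsing the bytes rather than searching for the string `<!DOCTYPE` means a file saved as UTF-16 is caught as well, since a byte-level pattern match would miss it.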
