INFINITT Healthcare INFINITT PACS Unrestricted File Upload Vulnerability Allowing System Compromise
Vulnerability
An unrestricted file upload vulnerability affects INFINITT Healthcare's PACS System Manager in all versions through 3.0.11.5 BN9. It allows attackers to upload arbitrary files via a specific service, potentially leading to unauthorized remote code execution or system compromise. The vulnerability also exposes sensitive system information to unauthorized users, allowing access to restricted system resources.
Impact
Exploitation of this vulnerability could result in unauthorized file uploads, leading to malicious file execution and system compromise.
Remediation
Users are advised to update to the latest version of the software (3.0.11.5 BN10 or later), which includes necessary security patches. For those using INFINITT ULite integrated with INFINITT PACS, patching is required for the PACS environment. After applying the patch, configure the System Manager settings to restrict unauthorized file uploads.
