Mirion Medical NMIS BioDose Incorrect Permission Vulnerability Allowing Executable Modification
Vulnerability
A vulnerability exists in Mirion Medical EC2 Software NMIS BioDose, specifically in versions through 22.02. The issue stems from the default installation directory paths, which have insecure file permissions. This flaw can enable users on client workstations to alter program executables and libraries. In networked installations using the embedded Microsoft SQL Server Express, the insecure permissions can also expose the SQL Server database and configuration files, potentially leading to unauthorized access and modification of sensitive data.
Impact
Exploitation of this vulnerability could allow users to modify program executables and libraries, disrupt the application's functionality, and access or alter sensitive information stored in the application's database.
Remediation
Users are advised to update to version 23.0 or later. Those with an active support contract can contact Mirion Medical support for assistance.
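To check whether an installation has the permission weakness described above, the following PowerShell audit lists allow entries that give broad user groups write, delete or ACL-change rights on the install directory and the files beneath it. It is an added example, not vendor or advisory code; the install path is a placeholder (the advisory does not state it), and the file-extension list and the set of groups treated as broad are assumptions.

```powershell
param(
    # Placeholder: the advisory does not state the default install path.
    [string]$InstallDir = 'C:\PATH\TO\NMIS-BioDose'
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Only the bits that change content, delete, or rewrite the ACL or owner.
# Modify and FullControl also contain read bits, so they are not used as a mask.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL | GENERIC_WRITE, which can appear unmapped in inherit-only ACEs.
$genericBits = 0x50000000

# Assumption: these well-known SIDs cover ordinary client-workstation users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs rather than names so the match is locale-independent.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        $isBroad = $broadSids.ContainsKey($sid) -or $sid -match '^S-1-5-21-.+-513$'  # Domain Users
        $rights = [int]$ace.FileSystemRights
        if ($isBroad -and (($rights -band $writeBits) -or ($rights -band $genericBits))) {
            [pscustomobject]@{
                Path      = $Path
                Principal = if ($broadSids[$sid]) { $broadSids[$sid] } else { 'Domain Users' }
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Directory first, then executables, libraries and, for the networked
# SQL Server Express case, database and config files (extensions assumed).
$extensions = '.exe', '.dll', '.mdf', '.ldf', '.config'
$files = Get-ChildItem -LiteralPath $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in $extensions } |
    ForEach-Object { $_.FullName }
@($InstallDir) + @($files) | ForEach-Object { Get-WeakAce -Path $_ } | Format-Table -AutoSize
```

Deny entries are not evaluated, so a reported row shows a granted right rather than the effective access.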
