Skip to content

Instantly share code, notes, and snippets.

@Shulelk

Shulelk/CVE-2024-25386.md

Last active April 15, 2024 09:53
Show Gist options
  • Save Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2 to your computer and use it in GitHub Desktop.
Save Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2 to your computer and use it in GitHub Desktop.
Download ZIP
DICOM Connectivity Framework (DCF) Operations Window Remote Command Execute
Raw
CVE-2024-25386.md

DICOM Connectivity Framework (DCF) Operations Window Remote Command Execute

Title: DICOM Connectivity Framework (DCF) Operations Window Remote Command Execute

Advisory ID: CVE-2024-25386

Type: Remote

Impact: Code execution, Information Disclosure

Release Date: 2024/2/29

Summary

The DICOM® Connectivity Framework (DCF) is an advanced, object-oriented collection of native software components implementing the DICOM v3.0 protocol for medical imaging systems. It includes a wide range of tools and utilities that support DICOM software development and testing.

Description

Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.

Vendor

laurelbridge - https://laurelbridge.com/

Affected Version

Less than or equal to 2.7.6b

PoC

https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/

Discoverer

Shule - [email protected]

References

[1] https://laurelbridge.com/

[2] https://laurelbridge.com/products/dcf/

[3] https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/

Contact

Shule

Web: https://sec.1i6w31fen9.top/

e-mail: [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment