CVE-2017-16776 — HIGH (8.1)

Vulnerability Description

Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mckesson	Conserus Workflow Intelligence	2.0.2

References

https://technical.nttsecurity.com/post/102emjm/conserus-workflow-intelligence-auExploitThird Party Advisory
https://technical.nttsecurity.com/post/102emjm/conserus-workflow-intelligence-auExploitThird Party Advisory

FAQ

What is CVE-2017-16776?

CVE-2017-16776 is a vulnerability with a CVSS score of 8.1 (HIGH). Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Hea...

How severe is CVE-2017-16776?

CVE-2017-16776 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-16776?

Check the references section above for vendor advisories and patch information. Affected products include: Mckesson Conserus Workflow Intelligence.