Vulnerability Description
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rainbowfishsoftware | Pacsone Server | < 7.1.1 |
Related Weaknesses (CWE)
References
- https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070dExploitThird Party Advisory
- https://pacsone.net/download.htmProductVendor Advisory
- https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070dExploitThird Party Advisory
- https://pacsone.net/download.htmProductVendor Advisory
FAQ
What is CVE-2020-29165?
CVE-2020-29165 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
How severe is CVE-2020-29165?
CVE-2020-29165 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-29165?
Check the references section above for vendor advisories and patch information. Affected products include: Rainbowfishsoftware Pacsone Server.