exploitDog

CVE-2022-37710

Опубликовано: 07 нояб. 2022

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.

Ссылки

https://justinshafer.blogspot.com/2022/08/eaglesofts-automatic-aes-256-encryption.html
Third Party Advisory
https://justinshafer.blogspot.com/2022/08/eaglesofts-automatic-aes-256-encryption.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pattersondental:eaglesoft:21.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-798

CWE-798

Связанные уязвимости

GHSA-xxx6-f4cg-v662

CVSS3: 7.8

github

больше 2 лет назад

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.

EPSS

Процентиль: 5%

0.00025

Низкий

7.8 High

CVSS3

Дефекты

CWE-798

CWE-798