CVE-2025-1002

Опубликовано: 10 фев. 2025

Источник: nvd

CVSS3: 5.7

CVSS3: 5.3

EPSS Низкий

Описание

MicroDicom DICOM Viewer version 2024.03

fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

Ссылки

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microdicom:dicom_viewer:2024.3:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00019

Низкий

5.7 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-mrrq-63xh-fccm

CVSS3: 5.7

github

12 месяцев назад

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server's response and deliver a malicious update to the user.

EPSS

Процентиль: 4%

0.00019

Низкий

5.7 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-295