CVE-2023-33466
orthanc - security update
CVSS 3.1 base score: 8.8 (HIGH)
EPSS: 57.7%
Description
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).
How to fix CVE-2023-33466
To remediate CVE-2023-33466, upgrade the affected package to a fixed version below.
- upgrade to 1.9.2+really1.9.1+dfsg-1+deb11u1 or later
- upgrade to 1.5.6+dfsg-1+deb10u1 or later
- upgrade to 1.9.2+really1.9.1+dfsg-1+deb11u1 or later
Is CVE-2023-33466 being exploited?
Likely — EPSS is 57.7%, placing CVE-2023-33466 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (3)
- from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u1
- from 0, < 1.5.6+dfsg-1+deb10u1
- from 0, < 1.9.2+really1.9.1+dfsg-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.8) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |