CVE-2024-25386

EUVD-2024-22719
Directory Traversal vulnerability in DICOMĀ® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Common Weakness Enumeration
References
https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2
https://laurelbridge.com/security-notice-cve-2024-25386-potential-vulnerability/
https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/
https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2
https://laurelbridge.com/security-notice-cve-2024-25386-potential-vulnerability/
https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/