CVE-2023-33466:

0.0 CVSS

Description

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).

Classification

CVE ID: CVE-2023-33466

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.37% (probability of being exploited)

EPSS Percentile: 72.62% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
https://www.debian.org/security/2023/dsa-5473
https://lists.debian.org/debian-lts-announce/2023/09/msg00009.html

Timeline

2024-11-27 14:41:05 UTC
CVE