1. EXECUTIVE SUMMARY
- CVSS v4 5.7
- ATTENTION: Low attack complexity
- Vendor: Medixant
- Equipment: RadiAnt DICOM Viewer
- Vulnerability: Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Medixant products are affected:
- RadiAnt DICOM Viewer: Version 2024.02
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295
The affected product is vulnerable due to failure of the update mechanism to verify the update server’s certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server’s response and deliver a malicious update to the user.
CVE-2025-1001 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-1001. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEA
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: