1. EXECUTIVE SUMMARY
- CVSS v4 5.7
- ATTENTION: Low attack complexity
- Vendor: MicroDicom
- Equipment: DICOM Viewer
- Vulnerability: Improper Certificate Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to alter network traffic and perform a machine-in-the-middle (MITM) attack.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of MicroDicom DICOM Viewer are affected:
- MicroDicom DICOM Viewer: Version 2024.03
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295
MicroDicom DICOM Viewer fails to adequately verify the update server’s certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the attackers to modify the server’s response and deliver a malicious update to the user.
CVE-2025-1002 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
A CVSS v4 score has also been calculated for CVE-2025-1002. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N).
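The weakness described above is a client-side TLS configuration problem: the update client speaks TLS but does not check that the certificate it receives chains to a trusted root and names the server it meant to reach. The following Python example is added here to illustrate that pattern; it is not MicroDicom's code and says nothing about how the product's updater is implemented. It shows the weak configuration beside the corrected one, an audit helper that reports the CWE-295 symptoms, and an update-fetch wrapper that refuses to use a context that would accept an unverified peer. The hostname is a placeholder, and the optional private CA file for pinning is an assumption.

```python
"""
Added example (not MicroDicom code): TLS client settings that create or
prevent an Improper Certificate Validation (CWE-295) weakness in an update
channel, plus a small audit helper. Hostnames and paths are placeholders.
"""
import ssl
import urllib.request
from typing import List, Optional

# Placeholder only; this is not the vendor's update server.
UPDATE_MANIFEST_URL = "https://updates.example.invalid/manifest.json"


def weak_update_context() -> ssl.SSLContext:
    """The CWE-295 pattern: TLS is negotiated, but the peer certificate is
    never validated against a trust store and the hostname is not matched.
    Any party on the network path that presents any certificate is accepted,
    which is what lets an attacker substitute the update response."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_update_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Correct configuration: trusted roots (system store, or a private CA
    passed via cafile to pin the update server; the private CA is an
    assumption), chain validation required, hostname must match the name
    the client intended to reach, and TLS 1.2 as the floor."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already sets CERT_REQUIRED and check_hostname=True;
    # checking it here keeps a later edit from silently weakening the client.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise ssl.SSLError("default context unexpectedly lacks verification")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return CWE-295 style findings for a client context. An empty list
    means chain validation and hostname matching are both enforced."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate may belong to any host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLS 1.2")
    return findings


def fetch_update_manifest(url: str, ctx: ssl.SSLContext, timeout: float = 10.0) -> bytes:
    """Retrieve the update manifest over TLS with the supplied context.
    Refuses to connect at all if the context would accept an unverified
    peer, so a misconfiguration elsewhere cannot reopen the weakness."""
    problems = audit_context(ctx)
    if problems:
        raise ssl.SSLError("refusing insecure update channel: " + "; ".join(problems))
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    for name, ctx in (("weak", weak_update_context()),
                      ("hardened", hardened_update_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

The audit function is the part a defender can reuse: run it against every `SSLContext` an application builds (or port the three checks to whatever TLS library the application uses) to catch the disabled-verification pattern before release. Verifying the downloaded update's own signature is a separate control and is not shown here.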
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUART
[…]
This article has been indexed from All CISA Advisories.