Carestream remediated an information exposure through an error message in its Vue RIS, according to a report with NCCIC.
An attacker with access to the network of the affected system can passively read traffic.
The remotely exploitable vulnerability, discovered by Dan Regalado of Zingbox, affects the web-based radiology information system in RIS Client Builds Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5.
When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack.
CVE-2018-17891 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.7.
The product sees use mainly in the healthcare and public health sectors and is deployed worldwide.
No known public exploits specifically target this vulnerability. A high skill level is needed to exploit it.
Carestream remediated the vulnerability in the current version of the software and has provided the following workarounds for affected past versions.
Given the mitigation instructions provided, this vulnerability is considered controlled rather than uncontrolled.
• RIS v11.3 forward: R&D has addressed the information leakage and enabled SSL.
• For RIS 11.2 running Windows 8.1 and IIS 7.2:
1. Disable “Show debug messages.”
2. Enable SSL for client/server communications.
Contact Carestream support for assistance.
Users can open a request through the eService portal.
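
After applying the two workarounds, an administrator can confirm that error responses no longer expose technical detail. The check below is an added example, not Carestream or NCCIC code; the host name, sample responses and leak patterns are constructed for illustration and are not taken from the product's actual output.

```python
import re

# Generic leak markers chosen for this example, not strings from the advisory.
LEAK_PATTERNS = {
    "oracle_error": re.compile(r"\bORA-\d{5}\b|\bTNS:", re.I),
    "dotnet_stack_trace": re.compile(r"Stack Trace:|^\s+at [\w.]+\(.*\)", re.M),
    "filesystem_path": re.compile(r"\b[A-Za-z]:\\(?:[\w .-]+\\)+[\w .-]+"),
}
VERSION_HEADERS = ("server", "x-aspnet-version", "x-powered-by")


def audit_error_response(url, status, headers, body):
    """Return a sorted list of findings for one captured HTTP response."""
    findings = set()
    if not url.lower().startswith("https://"):
        findings.add("cleartext_transport")   # workaround 2: enable SSL
    if status >= 500:
        for name, pattern in LEAK_PATTERNS.items():
            if pattern.search(body):
                findings.add(name)            # workaround 1: debug output off
        for key, value in headers.items():
            if key.lower() in VERSION_HEADERS and re.search(r"\d+\.\d+", value):
                findings.add("version_banner")
    return sorted(findings)


# Constructed sample responses (not real product output).
VERBOSE = {
    "url": "http://ris.example.internal/login",
    "status": 500,
    "headers": {"Server": "Microsoft-IIS/7.5", "X-AspNet-Version": "4.0.30319"},
    "body": (
        "Server Error in '/' Application.\n"
        "ORA-12541: TNS:no listener\n"
        "Stack Trace:\n"
        "   at Example.Data.Open(String cs) in C:\\inetpub\\app\\Data.cs:line 42\n"
    ),
}
HARDENED = {
    "url": "https://ris.example.internal/login",
    "status": 500,
    "headers": {"Server": "Microsoft-IIS"},
    "body": "An error occurred. Reference: 7f3a2c",
}

if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE), ("hardened", HARDENED)):
        print(label, audit_error_response(**resp))
```

An empty findings list for a 500 response served over HTTPS indicates that both workarounds are in effect for that endpoint.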