What is CVE-2023-33466?

CVE-2023-33466 is a vulnerability in N/a. Published 2023-06-29.

Is CVE-2023-33466 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploite…

EPSS: 0.577 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
H4lo/awesome-IoT-security-article
ShielderSec/poc
nomi-sec/PoC-in-GitHub
v3gahax/CVE-2023-33466

References

discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-runnin…
DSA-5473 (vendor-advisory)
[debian-lts-announce] 20230912 [SECURITY] [DLA 3562-1] orthanc security update (mailing-list)

Frequently asked questions

What is CVE-2023-33466?: CVE-2023-33466 is a vulnerability in N/a. Published 2023-06-29.
Is CVE-2023-33466 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.