PatchSiren cyber security CVE debrief
CVE-2024-1696 Santesoft CVE debrief
CVE-2024-1696 is a high-severity vulnerability in Santesoft Sante FFT Imaging, a medical imaging application used to view and process DICOM (DCM) files. Published on March 5, 2024, it affects versions 1.4.1 and prior. The flaw is an out-of-bounds write that is triggered when the application parses a maliciously crafted DCM file. An attacker who can get such a file opened on a workstation can achieve arbitrary code execution with the privileges of the user running the application. The CVSS 3.1 score of 7.8 (vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects high impacts to confidentiality, integrity and availability; the attack vector is local and user interaction (opening the file) is required. This matters in healthcare environments, where DICOM files arrive routinely on patient-supplied media, by email and from outside institutions and are opened without much scrutiny. Santesoft has released version 1.4.2 to address the issue, and CISA has issued advisory ICSMA-24-065-01 with additional mitigation guidance.
- Vendor
- Santesoft
- Product
- Sante FFT Imaging
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed (per the stored evidence)
- Original CVE published
- 2024-03-05
- Original CVE updated
- 2024-03-05
- Advisory published
- 2024-03-05
- Advisory updated
- 2024-03-05
Who should care
Healthcare organizations, medical imaging departments, radiology practices, and any entities using Sante FFT Imaging for DICOM file processing should prioritize this vulnerability. System administrators managing medical workstations and security teams responsible for protecting patient data and clinical systems are particularly affected.
Technical summary
The vulnerability (CWE-787, out-of-bounds write) lies in the DCM file parsing code of Sante FFT Imaging versions 1.4.1 and earlier. The parser does not adequately bound-check values taken from the file, so a crafted file can make it write outside the intended memory region. "Local" here is the CVSS attack vector, not a statement about the attacker's location: the attacker supplies a crafted DCM file by any convenient route (email, removable media, a shared export folder) and a user must open it in Sante FFT Imaging, after which attacker-controlled code runs in that user's security context. Attack complexity is low and no privileges are required, but user interaction is necessary. Scope is unchanged: the resulting code execution is confined to the context of the application process and the user running it.
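The shape of the bug described above, as an added example that is not Santesoft's code (which is not public) and makes no claim about where the real flaw sits in their parser: a minimal reader for one explicit-VR little-endian DICOM element, first in the vulnerable shape where the length declared in the file is copied as-is into a fixed 64-byte destination, then in a hardened form that checks the declared length against both the bytes actually present in the file and the destination buffer before copying. The 64-byte buffer, the function names and the sample files built in memory are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DICOM_PREAMBLE 128   /* Part 10 files start with 128 bytes then "DICM" */
#define VALUE_MAX      64    /* hypothetical fixed-size destination buffer */

enum { DCM_OK = 0, DCM_ERR_TRUNCATED = -1, DCM_ERR_MAGIC = -2, DCM_ERR_TOO_LONG = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VRs whose explicit-VR header carries 2 reserved bytes and a 32-bit length. */
static int is_long_vr(const uint8_t *vr) {
    static const char *long_vrs[] = { "OB", "OW", "OF", "SQ", "UT", "UN" };
    for (size_t i = 0; i < 6; i++)
        if (memcmp(vr, long_vrs[i], 2) == 0) return 1;
    return 0;
}

/* Explicit VR little endian header: tag(4) VR(2) then a 16-bit length, or
   reserved(2) + 32-bit length for long VRs. Returns the header size, or 0 when
   fewer than `avail` bytes are present to hold the header. */
static size_t read_element_header(const uint8_t *p, size_t avail, uint32_t *value_len) {
    if (avail < 8) return 0;
    if (is_long_vr(p + 4)) {
        if (avail < 12) return 0;
        *value_len = rd32(p + 8);
        return 12;
    }
    *value_len = rd16(p + 6);
    return 8;
}

/* Vulnerable pattern (illustrative): the length the file declares is trusted.
   A file declaring more than VALUE_MAX bytes writes past the end of `out`. */
uint32_t copy_first_value_vulnerable(const uint8_t *file, uint8_t out[VALUE_MAX]) {
    const uint8_t *p = file + DICOM_PREAMBLE + 4;
    uint32_t len = 0;
    size_t hdr = read_element_header(p, SIZE_MAX, &len);  /* no file bound supplied */
    memcpy(out, p + hdr, len);                             /* out-of-bounds write */
    return len;
}

/* Hardened form: the declared length is checked against the bytes that really
   follow it in the file and against the destination capacity before the copy. */
int copy_first_value_hardened(const uint8_t *file, size_t file_len,
                              uint8_t out[VALUE_MAX], size_t *out_len) {
    const size_t start = DICOM_PREAMBLE + 4;
    if (file_len < start) return DCM_ERR_TRUNCATED;
    if (memcmp(file + DICOM_PREAMBLE, "DICM", 4) != 0) return DCM_ERR_MAGIC;
    const uint8_t *p = file + start;
    size_t avail = file_len - start;
    uint32_t len = 0;
    size_t hdr = read_element_header(p, avail, &len);
    if (hdr == 0) return DCM_ERR_TRUNCATED;
    if (len > avail - hdr) return DCM_ERR_TRUNCATED;  /* claims more than the file holds */
    if (len > VALUE_MAX) return DCM_ERR_TOO_LONG;      /* would overflow `out` */
    memcpy(out, p + hdr, len);
    *out_len = len;
    return DCM_OK;
}

/* Builds a constructed Part 10 file in `buf` holding one element (0002,0010)
   of VR `vr` whose header claims `declared_len` bytes while only `actual_len`
   value bytes are appended. Short-form VRs truncate declared_len to 16 bits.
   Returns the file size, or 0 if `buf` is too small. */
size_t build_sample(uint8_t *buf, size_t cap, const char vr[2], uint32_t declared_len,
                    const uint8_t *value, size_t actual_len) {
    size_t hdr = is_long_vr((const uint8_t *)vr) ? 12 : 8;
    size_t total = DICOM_PREAMBLE + 4 + hdr + actual_len;
    if (total > cap) return 0;
    memset(buf, 0, DICOM_PREAMBLE);
    memcpy(buf + DICOM_PREAMBLE, "DICM", 4);
    uint8_t *p = buf + DICOM_PREAMBLE + 4;
    p[0] = 0x02; p[1] = 0x00; p[2] = 0x10; p[3] = 0x00;   /* tag (0002,0010), LE */
    memcpy(p + 4, vr, 2);
    p[6] = declared_len & 0xFF; p[7] = (declared_len >> 8) & 0xFF;
    if (hdr == 12) {
        p[6] = p[7] = 0;                                   /* reserved */
        p[8] = declared_len & 0xFF;          p[9]  = (declared_len >> 8) & 0xFF;
        p[10] = (declared_len >> 16) & 0xFF; p[11] = (declared_len >> 24) & 0xFF;
    }
    memcpy(p + hdr, value, actual_len);
    return total;
}

int main(void) {
    uint8_t file[512], out[VALUE_MAX];
    size_t out_len = 0, n;
    const char uid[20] = "1.2.840.10008.1.2.1";  /* 19 chars + NUL pad: even length */

    n = build_sample(file, sizeof file, "UI", 20, (const uint8_t *)uid, 20);
    printf("well-formed: rc=%d len=%zu\n", copy_first_value_hardened(file, n, out, &out_len), out_len);

    n = build_sample(file, sizeof file, "OB", 0x10000, (const uint8_t *)uid, 20);
    printf("crafted:     rc=%d\n", copy_first_value_hardened(file, n, out, &out_len));
    /* copy_first_value_vulnerable(file, out) here would memcpy 65536 bytes into
       the 64-byte `out`: the out-of-bounds write. It is deliberately not called. */
    return 0;
}
```

The order of the two checks in the hardened function matters: the length is compared with the bytes remaining in the file first, so a file that lies about its own size is rejected before any comparison with the destination, and the destination check then catches a file that is internally consistent but simply too large for the buffer. Neither check is sufficient alone.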
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Sante FFT Imaging to version 1.4.2 or later; this is the only fix, the remaining items reduce exposure until it is deployed and limit the blast radius afterwards.
- Apply application allow-listing on imaging workstations. Note the limit: the exploit runs inside the already-allowed Sante FFT Imaging process, so allow-listing blocks a follow-on payload written to disk and executed, not the initial in-process code execution.
- Treat DCM files from outside the organisation (patient-supplied CDs and USB media, email attachments, downloads) as untrusted and train users not to open them in the viewer until they have been ingested through a controlled path.
- Run the application under a least-privilege user account; code execution occurs in that user's context, so a non-administrative account caps what an attacker gains.
- Segment imaging workstations from business networks and minimise their exposure, so that a compromised viewer cannot reach the rest of the clinical environment directly.
Evidence notes
Vulnerability details sourced from CISA CSAF advisory ICSMA-24-065-01. Vendor fix confirmed via Santesoft download page referenced in remediation data. CVSS vector and score derived from official CISA source.
Official resources
- CVE-2024-1696 CVE record (CVE.org)
- CVE-2024-1696 NVD detail (NVD)
- Source item: cisa_csaf (CISA CSAF advisory ICSMA-24-065-01)