Executive Summary

This vulnerability in Uniweb/SoliPACS WebServer is a Missing Authentication issue that allows unauthenticated remote attackers to access a specific page on the server. Through this access, attackers can obtain sensitive information such as account names and IP addresses without needing to log in or have proper authorization. [1]

Useful 0 Not Useful 0

Impact Analysis

The impact of this vulnerability is that unauthorized individuals can remotely access sensitive information like account names and IP addresses. This exposure can lead to privacy breaches, targeted attacks, or further exploitation since attackers gain information that should be protected behind authentication. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection can be performed by attempting to access the specific web pages on the Uniweb/SoliPACS WebServer without authentication to see if account names and IP addresses are disclosed. Since the vulnerability allows unauthenticated remote access to certain pages, you can use tools like curl or wget to request these pages and check the responses for sensitive information. For example, a command like 'curl http://<target-server>/<vulnerable-page>' can be used to test if the page is accessible without authentication and reveals account or IP information. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to update the Uniweb/SoliPACS WebServer software to a version later than 12.1.2577, as the vulnerability affects versions 12.1.2577 and earlier. Applying this update will fix the missing authentication issue and prevent unauthenticated access to sensitive information. [1]

Useful 0 Not Useful 0