CVE-2013-4425

{"id": "CVE-2013-4425", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-18T02:55:07.687", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html", "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/99518", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/63566", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88606", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using \"SuperSecretPassword\" as the hardcoded password, which allows local users to obtain the private key."}, {"lang": "es", "value": "El listener DICOM en OsiriX anterior a la versi\u00f3n 5.8 y anterior a 2.5-MD, durante su inicio, cifra el archivo de clave privada TLS usando \"SuperSecretPassword\" como contrase\u00f1a incrustada en el c\u00f3digo, lo que permite a usuarios locales obtener la llave privada."}], "lastModified": "2017-08-29T01:33:37.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:osirix-viewer:osirix:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ACA57B1-0AE6-4E58-A7C2-5B46DF2B0D46", "versionEndIncluding": "5.7"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631075E1-6A87-4A2D-A3EA-C3DBA963F8F1"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "981FC72F-2DCA-4D7E-8CDF-9ED2AB2F0474"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD7E9F6E-4E6F-4979-BEDF-18F92412623E"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAA1942D-169B-4B5B-AE4B-F842BA7ADF8B"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "760D1BA0-2018-4DB2-9426-A4E9EA634A49"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2AB9703-567E-435E-A022-DF0A5292CE26"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96802751-1914-40DA-AEB8-CED296A751A1"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7CF62F8-F92C-4B52-A3BF-63C377688B44"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0210D44-C254-4467-90FB-C7CC370F50FE"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88EDF921-80B6-4F7F-A93B-0049D6F051BD"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "697FBDAC-6A72-4BCD-B787-AB0FC2D718D7"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "465C5E82-3B85-478C-B471-C00F4388686A"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "867BFEA0-F910-4D99-B10E-1E46AF074339"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "306F9D56-21B3-4A97-9C36-85092D534C84"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "852F304B-89AD-40C5-8050-7B8F2A9E1B70"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED266897-E426-4BEC-A4D9-D9802277EB6A"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFA8659D-175A-4A46-A426-0BC47C12C169"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "167E5338-D231-4EFF-B66C-565A93B3855B"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0160C3FC-6BFC-4323-BD06-CE177CD92431"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96D8F007-7A4C-4D61-8EC2-B99FCF7A4CE1"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3584D9B-3F0D-4A2E-B971-B3732AFEAA98"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A68C0BB7-E405-49E1-A43C-24E9C6E9AFC8"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B924D71-358B-4D97-845A-DA1D7B89A242"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "181C32F3-C620-493B-98CC-FF792BD34FFC"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB80517C-82E8-4D4D-9921-C89D9D15EE10"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:2.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094B03AB-2C13-46CB-8C4A-759A97BA5AF9"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0ED8E46-A943-4D27-9B66-96206A12CD99"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67B25A19-9112-44FE-B877-4F6159476EA1"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC6606E-BD41-4AE3-87CE-A1F3B0EABD8B"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96B8A72A-8239-430C-8F69-E94A9540E8FE"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC3A980-7E84-4960-8FA3-A21D786A8ECD"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAD5D0CD-9688-409E-A9A9-BE3B75775EC9"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27EFD0EE-3BC1-4269-9FE5-20B12D0B3BB4"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "877E8EE1-7A54-4D0E-BAC4-A08F3E483CA2"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:3.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "872EADD2-FD26-4B3E-BFE5-003A415C8761"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FB7942E-C334-41B8-B3E0-C86FDD45C250"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:4.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA5FD5A4-5F88-49BA-B752-E56CD247A2AD"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6EE898E-365C-4C89-8889-ED14AC1000AC"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A8DF990-449D-43E8-8E4E-EF1B1EE82AC3"}, {"criteria": "cpe:2.3:a:osirix-viewer:osirix:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBD6CF2-A7C4-4F8C-B3A2-51BC54B73598"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:osirix-viewer:osirix_md:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83BAC0F7-4CDA-4D8F-ADBD-FF01647A58C8", "versionEndIncluding": "2.7"}], "operator": "OR"}]}], "evaluatorComment": "According to several reference links Osirix MD before 2.8 are vulnerable\n\nhttp://www.securityfocus.com/bid/63566/discuss\n\nhttp://archives.neohapsis.com/archives/bugtraq/2013-11/0029.html", "sourceIdentifier": "secalert@redhat.com"}