High-severity Vulnerability Patched in AJAT Panoramic Dental Imaging Software
A patch has been released to fix a high-severity vulnerability in AJAT Panoramic Dental Imaging software. The bug, tracked as CVE-2024-22774, affects the AJAT Panoramic Dental Imaging Software SDK and makes it vulnerable to DLL hijacking, potentially allowing an attacker to obtain NT Authority/SYSTEM as a standard user.
The vulnerability was identified by security researcher Damian Semon Jr. of Blue Team Alpha Inc. and affects AJAT Panoramic Dental Imaging Software versions prior to 6.6.1.490. The vulnerability is due to an uncontrolled search path element, and allows an attacker to escalate privileges via the ccsservice.exe component. The vulnerability is rated high-severity, with a CVSS v4 base score of 8.5 and a CVSS v3.1 base score of 7.8.
The software is owned by Varex Imaging, after it acquired Direct Conversion Lt (formerly Oh AJAT Ltd). Varex Imaging has released a patch to fix the vulnerability, and all users have been advised to install it as soon as possible. Users should follow the patching instructions, which require the installation executable to be run on each workstation running the Panoramic Dental Imaging software.
The vulnerability was reported to the Cybersecurity and Infrastructure Security Agency (CISA), which recommends taking steps to reduce the exploitation of vulnerabilities by locating software behind a firewall, preventing access via the Internet, and, if remote access is required, using a secure method of connection, such as a virtual private network (VPN) running the latest version of the software.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
