Lucene search

CertccCVE-2016-2343

HistoryApr 01, 2016 - 11:59 p.m.

CVE-2016-2343

2016-04-0123:59:01

certcc

web.nvd.nist.gov

cve-2016-2343

patterson dental eaglesoft 17

hardcoded password

remote attackers

sensitive information

sql vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.

Affected configurations

Nvd

Node

patterson_dentaleaglesoftMatch17.0

VendorProductVersionCPE
patterson_dentaleaglesoft17.0cpe:2.3:a:patterson_dental:eaglesoft:17.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
patterson_dental	eaglesoft	17.0	cpe:2.3:a:patterson_dental:eaglesoft:17.0:::::::*

References

justinshafer.blogspot.com/2016/02/moving-onto-eaglesoft-aka-patterson.html

www.kb.cert.org/vuls/id/344432

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVE-2016-2343