This alert highlights a critical DLL hijacking vulnerability in Varex Imaging’s Panoramic Dental Imaging Software, which could allow standard users to gain SYSTEM privileges. Mitigation includes deploying a software patch and implementing network security measures. #VarexImaging #CVE202422774
Key points
- The vulnerability affects versions prior to 6.6.1.490 of Varex Imaging’s Panoramic Dental Imaging Software.
- The flaw stems from an uncontrolled search path element leading to DLL hijacking.
- Successful exploitation can enable privilege escalation to NT AUTHORITY\SYSTEM.
- A patch has been provided by Varex Imaging to mitigate the vulnerability.
- Organizations are advised to enhance network security and perform risk assessments.
Read More: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-345-02