PACSOne Server Local File Inclusion (LFI) Scanner

PACSOne Server is a software commonly used in medical facilities to manage and store medical imaging data. It provides a robust platform for integrating with medical devices and offers capabilities for advanced data manipulation and analysis. The platform is utilized by healthcare professionals to ensure secure access and efficient management of medical images. PACSOne Server is valued for its compliance with DICOM standards, making it a critical tool in radiology departments. The software aims to streamline medical workflows by offering interfaces for viewing and transferring medical data. Its widespread use underscores the need for maintaining its security to protect sensitive medical information.

The Local File Inclusion (LFI) vulnerability allows attackers to include files on a server through the web browser. By exploiting LFI, an attacker can trick the web application into executing or exposing sensitive files on the server. This can lead to unauthorized access to configuration files, system data, or even execution of code if certain conditions are met. Typically, LFI is the result of insufficient input validation, which allows attackers to manipulate file paths within the application's interfaces. Addressing LFI is crucial to safeguarding applications from unauthorized data access and potential system compromise. Effective input filtering and validation are keys to preventing this vulnerability.

The PACSOne Server vulnerability stems from its handling of file paths within the integrated DICOM Web Viewer. Specifically, the application fails to properly sanitize input parameters on the endpoint <code>/pacsone/nocache.php?path=..</code>, allowing an attacker to include files from server directories. This oversight enables path traversal attacks, culminating in unauthorized file access. The nature of the vulnerability is such that it permits exposure of sensitive files like <code>/etc/passwd</code> under certain conditions, particularly when the server grants public access. The presence of this vulnerability reflects common pitfalls in web application security, where trust is misplaced in user-supplied inputs.

When exploited, the LFI vulnerability in PACSOne Server could lead to serious security breaches. Attackers may gain access to sensitive configuration files, posing a risk to the entire network and potentially leading to further exploitation. Unauthorized exposure of system files might provide attackers with insights into the server environment, aiding in the development of more advanced attacks. Furthermore, the disclosure of sensitive data can undermine patient confidentiality in medical setups, leading to legal and compliance issues. If left unremedied, such vulnerabilities can facilitate persistent threats within compromised networks.

REFERENCES

• https://cxsecurity.com/issue/WLB-2018010303