Vulnerability Details : CVE-2019-11687
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) malware. This space is left unspecified so that dual-purpose files can be created. (For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine.) To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format. PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. Also, anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files.
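The structural fact behind this CVE is simple: a Part 10 file is recognised by the four bytes "DICM" at offset 128, and the 128 bytes before them are not interpreted by any conforming DICOM reader. A DOS header fits in that space, and its e_lfanew field (offset 0x3C) can point past the preamble into the DICOM body where the PE headers live, so one byte string is both a valid image and a loadable executable. The following is an added worked example (not code from the NEMA standard, the pedicom proof of concept or the Cylera write-up) of the check an ingestion or scanning pipeline can make, and of the disarming step it can take. All samples are constructed in memory; the "PE" sample carries only a DOS stub and a PE signature, not a runnable binary. Zeroing the preamble, and keeping TIFF preambles on a dual-purpose allow-list, are this example's own policy choices, not something the standard prescribes.

```python
"""Detect and disarm an executable header hidden in a DICOM Part 10 preamble.

Added example for CVE-2019-11687; the samples are constructed, the "PE" one is
a DOS stub plus a PE signature and nothing more. Offsets follow the Part 10
layout: 128-byte preamble, "DICM" at offset 128, then File Meta Information
encoded as explicit VR little endian.
"""
from __future__ import annotations

import struct

PREAMBLE_LEN = 128
DICM_MAGIC = b"DICM"

# Magic values a loader or shell honours at offset 0. A Part 10 reader skips
# these bytes entirely, so the imaging application never sees them.
FOREIGN_MAGIC = {
    b"MZ": "PE/DOS",
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O",
    b"\xfe\xed\xfa\xcf": "Mach-O",
    b"\xcf\xfa\xed\xfe": "Mach-O",
    b"#!": "script",
    b"II*\x00": "TIFF",   # legitimate dual-purpose TIFF/DICOM (whole slide imaging)
    b"MM\x00*": "TIFF",
}
DUAL_PURPOSE = {"TIFF"}   # preamble types this example's policy keeps rather than zeroes


def classify_preamble(data: bytes) -> dict:
    """Describe what the preamble of a Part 10 file looks like to a loader."""
    result = {"is_part10": False, "preamble_type": "none",
              "e_lfanew": None, "pe_signature": False}
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != DICM_MAGIC:
        return result                       # no "DICM" at 128: not a Part 10 file
    result["is_part10"] = True
    preamble = data[:PREAMBLE_LEN]
    if preamble == bytes(PREAMBLE_LEN):
        result["preamble_type"] = "zeroed"  # the usual, benign case
        return result
    result["preamble_type"] = next(
        (name for magic, name in FOREIGN_MAGIC.items() if preamble.startswith(magic)),
        "other")
    if preamble.startswith(b"MZ"):
        # IMAGE_DOS_HEADER.e_lfanew (offset 0x3C) is where Windows expects "PE\0\0";
        # in a PE/DICOM polyglot it points past the preamble into DICOM data.
        e_lfanew = struct.unpack_from("<I", preamble, 0x3C)[0]
        result["e_lfanew"] = e_lfanew
        result["pe_signature"] = data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"
    return result


def neutralize_preamble(data: bytes) -> tuple[bytes, str]:
    """Zero the preamble unless it belongs to a declared dual-purpose type.

    Part 10 readers ignore the preamble, so zeroing it leaves the image intact
    while removing the DOS stub that made the same bytes loadable as a PE.
    """
    info = classify_preamble(data)
    if not info["is_part10"] or info["preamble_type"] == "zeroed":
        return data, "unchanged"
    if info["preamble_type"] in DUAL_PURPOSE:
        return data, "kept:" + info["preamble_type"]     # flag for review, do not break TIFF
    return bytes(PREAMBLE_LEN) + data[PREAMBLE_LEN:], "zeroed:" + info["preamble_type"]


def first_meta_element(data: bytes) -> tuple[tuple[int, int], str, bytes]:
    """Parse the first File Meta element (explicit VR LE) to show the DICOM side still reads."""
    off = PREAMBLE_LEN + 4
    group, elem = struct.unpack_from("<HH", data, off)
    vr = data[off + 4:off + 6].decode("ascii")
    length = struct.unpack_from("<H", data, off + 6)[0]  # short-length VR form (UI, CS, ...)
    return (group, elem), vr, data[off + 8:off + 8 + length]


def build_part10(preamble: bytes, tail: bytes = b"") -> bytes:
    """Constructed sample: preamble + DICM + one (0002,0010) Transfer Syntax UID element."""
    assert len(preamble) <= PREAMBLE_LEN
    ts_uid = b"1.2.840.10008.1.2.1\x00"                   # padded to even length
    meta = struct.pack("<HH", 0x0002, 0x0010) + b"UI" + struct.pack("<H", len(ts_uid)) + ts_uid
    return preamble.ljust(PREAMBLE_LEN, b"\x00") + DICM_MAGIC + meta + tail


# Constructed samples: no real medical data and no working executable.
BENIGN = build_part10(b"")
TIFF_DICOM = build_part10(b"II*\x00" + struct.pack("<I", 8))
PE_TAIL_OFFSET = PREAMBLE_LEN + 4 + 28                    # the PE signature sits at 160
DOS_STUB = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", PE_TAIL_OFFSET)
PE_DICOM = build_part10(DOS_STUB, tail=b"PE\x00\x00" + bytes(20))

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("tiff", TIFF_DICOM), ("pe", PE_DICOM)):
        print(name, classify_preamble(sample), neutralize_preamble(sample)[1])
```

Two caveats for anyone turning this into a scanner. Files that omit the preamble and "DICM" (raw DICOM data sets) come back as not Part 10 and need a separate path, so an absent magic is not a clean verdict. And the TIFF keep-list is a policy, not a safety proof: a TIFF/DICOM file is still a polyglot, just an expected one, so it is worth logging rather than silently passing.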
Vulnerability category: Input validation
Products affected by CVE-2019-11687
- cpe:2.3:a:nema:dicom_standard:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11687
0.23% (probability of exploitation activity in the next 30 days)
~61st percentile (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2019-11687
CVSS Version | Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---|---
2.0 | 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST |
CWE ids for CVE-2019-11687
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11687
- https://github.com/d00rt/pedicom
  GitHub - d00rt/pedicom: Documentation and proofs of concept on the polyglot file PEDICOM (PE executable + DICOM). Tags: Exploit; Third Party Advisory
- https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
  Attacking Digital Imaging and Communication in Medicine (DICOM) file format standard, Markel Picado Ortiz (d00rt), PDF in the pedicom repository. Tags: Technical Description; Third Party Advisory
- https://labs.cylera.com/2019.04.16/pe-dicom-medical-malware
  HIPAA-Protected Malware? Exploiting DICOM Flaw to Embed Malware in CT/MRI Imagery, Cylera Labs. Tags: Exploit; Technical Description; Third Party Advisory
- http://www.securityfocus.com/bid/108730
  NEMA DICOM Standard CVE-2019-11687 Local Security Bypass Vulnerability (SecurityFocus BID 108730)