{"vulnerability": "CVE-2023-33466", "sightings": [{"uuid": "41cb041b-3cec-4d02-9265-d516252bd005", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/381", "content": "Top Security News for 25/10/2023\n\nCVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files\nhttps://www.reddit.com/r/netsec/comments/17f9yci/cve202333466_exploiting_healthcare_servers_with/ \n\n[Crypto] Why authenticated encryption and MAC is so important\nhttps://www.reddit.com/r/netsec/comments/17fg28x/crypto_why_authenticated_encryption_and_mac_is_so/ \n\nEx-NSA Employee Pleads Guilty to Leaking Classified Data to Russia\nhttps://thehackernews.com/2023/10/ex-nsa-employee-pleads-guilty-to.html \n\nAI vs. human deceit: Unravelling the new age of phishing tactics\nhttps://securityintelligence.com/posts/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/ \n\nISC StormCast for Wednesday, October 25th, 2023\nhttps://isc.sans.edu/podcastdetail/8716 \n\nMake API Management Less Scary for Your Organization\nhttps://thehackernews.com/2023/10/make-api-management-less-scary-for-your.html \n\nTwo new things to worry about: how long it takes to read the fine print, and bed bug disinformation.\nhttps://thecyberwire.com/podcasts/daily-podcast/1933/notes \n\nGoogle Chrome wants to hide your IP address\nhttps://www.malwarebytes.com/blog/news/2023/10/google-wants-to-introduce-ip-protection-feature-for-chrome \n\nAmazon adds passkeys so you can sign in without a pesky password\nhttps://malware.news/t/amazon-adds-passkeys-so-you-can-sign-in-without-a-pesky-password/74898#post_1 \n\nNow Android and Windows devices aren't safe from Flipper Zero either\nhttps://malware.news/t/now-android-and-windows-devices-arent-safe-from-flipper-zero-either/74897#post_1 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-10-25T07:00:06.000000Z"}, {"uuid": "ba7c015d-47ab-4771-aeee-bd5816929377", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "published-proof-of-concept", "source": "https://t.me/cKure/12040", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files.\n\nhttps://www.shielder.com/blog/2023/10/cve-2023-33466-exploiting-healthcare-servers-with-polyglot-files/", "creation_timestamp": "2023-11-29T22:26:03.000000Z"}, {"uuid": "5e27b657-5856-48b4-9237-dd877c22bfa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "seen", "source": "https://t.me/cibsecurity/65721", "content": "\u203c CVE-2023-33466 \u203c\n\nOrthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T18:14:26.000000Z"}, {"uuid": "4d14f9f5-ae46-41af-9d7a-92bd74e7b82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33466", "type": "seen", "source": "https://t.me/arpsyndicate/876", "content": "#ExploitObserverAlert\n\nCVE-2023-33466\n\nDESCRIPTION: Exploit Observer has 5 entries related to CVE-2023-33466. Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE).\n\nFIRST-EPSS: 0.001290000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-02T01:49:47.000000Z"}]}