CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.

CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.

Since each Patterson Dental Eaglesoft 21 server has the same DLL or EXE file, it can’t be updated on a server-by-server basis to change which keys are used. As a result, if a hacker wants to hijack a server and change the DLL or EXE file, he can only change it on one server at a time and then it can be detected by the other servers and updated with the new DLL or EXE file.

CVE-2023-37711

This was a critical vulnerability that affected the DLL or EXE file and could have been exploited on multiple servers at once. The new DLL or EXE file can be updated by the Patterson Dental Eaglesoft 21 servers to fix this vulnerability.
The same vulnerability is present in the new version of Patterson Dental Eaglesoft 21, but it is fixed.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe