CVE-2020-29165
Description
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PacsOne Server/PacsOne Serverdescription
- Range: <7.1.1
Patches
Vulnerability mechanics
Root cause
"Incorrect access control in PacsOne Server versions below 7.1.1 allows unauthenticated remote privilege escalation to administrator."
Attack vector
An attacker can exploit incorrect access controls to remotely gain administrator privileges without prior authentication [ref_id=1]. The advisory does not detail the exact network path or payload shape, but the impact is that a remote, unauthenticated attacker can elevate their privileges to administrator level. No CWE is pre-assigned in the bundle, and no reference write-up names a specific weakness class, so no CWE is cited.
Affected code
The advisory does not specify which files or functions are at fault. The vulnerability is described as an incorrect access control issue in PacsOne Server (PACS Server In One Box) versions below 7.1.1 [ref_id=1]. No patch or code diff is provided in the bundle.
What the fix does
The advisory states that the vulnerability is fixed in version 7.1.1 [ref_id=1]. No patch diff is available in the bundle, so the specific code changes are unknown. The vendor's remediation is to upgrade to PacsOne Server version 7.1.1 or later.
Preconditions
- configThe target must be running PacsOne Server version below 7.1.1
- networkThe attacker must have network access to the PacsOne Server web interface or DICOM service
Generated on May 31, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2- gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070dmitrex_refsource_MISC
- pacsone.net/download.htmmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.