Since each Patterson Dental Eaglesoft 21 server has the same DLL or EXE file, it can’t be updated on a server-by-server basis to change which keys are used. As a result, if a hacker wants to hijack a server and change the DLL or EXE file, he can only change it on one server at a time and then it can be detected by the other servers and updated with the new DLL or EXE file.

CVE-2023-37711

This was a critical vulnerability that affected the DLL or EXE file and could have been exploited on multiple servers at once. The new DLL or EXE file can be updated by the Patterson Dental Eaglesoft 21 servers to fix this vulnerability.
The same vulnerability is present in the new version of Patterson Dental Eaglesoft 21, but it is fixed.

Timeline

Published on: 11/07/2022 00:15:00 UTC
Last modified on: 11/08/2022 17:12:00 UTC

References