CVE-2022-37710

HIGH

Patterson Dental Eaglesoft 21 - Use of Hard-coded Credentials

Title source: llm

Description

Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.

References (1)

Core 1

Core References

Third Party Advisory

https://justinshafer.blogspot.com/2022/08/eaglesofts-automatic-aes-256-encryption.html

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 1.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

pattersondental/eaglesoft 21.0

Published Nov 07, 2022

Tracked Since Feb 18, 2026