CVE-2023-2950

8.1 HIGH

📋 TL;DR

CVE-2023-2950 is an improper authorization vulnerability in OpenEMR that allows authenticated users to access administrative functions without proper permissions. This affects all OpenEMR installations prior to version 7.0.1. The vulnerability enables privilege escalation within the healthcare management system.

💻 Affected Systems

Products:
  • OpenEMR
Versions: All versions prior to 7.0.1
Operating Systems: All platforms running OpenEMR
Default Config Vulnerable: ⚠️ Yes
Notes: All OpenEMR deployments with default configurations are vulnerable. Requires authenticated user access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain administrative privileges, potentially accessing sensitive patient health records, modifying medical data, or disrupting healthcare operations.

🟠 Likely Case

Malicious insiders or compromised user accounts could escalate privileges to access restricted administrative functions and sensitive patient information.

🟢 If Mitigated

With proper network segmentation and strict access controls, impact would be limited to the OpenEMR application layer only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available through the huntr.dev bounty program. Requires authenticated user credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.1

Vendor Advisory: https://github.com/openemr/openemr/commit/abee8d2606c706176818de25eb88a2d08b8f7fa4

Restart Required: No

Instructions:

1. Back up your OpenEMR installation and database.
2. Download OpenEMR version 7.0.1 or later from the official repository.
3. Replace the vulnerable files with the patched versions.
4. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Restrict User Privileges (all)

Temporarily reduce user privileges to the minimum required levels to limit potential damage from privilege escalation.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OpenEMR from other critical systems
  • Enable detailed audit logging and monitor for unauthorized access attempts to administrative functions

🔍 How to Verify

Check if Vulnerable:

Check the OpenEMR version in the application interface or by examining the source code version files. If the version is below 7.0.1, the system is vulnerable.

Check Version:

Check the OpenEMR interface or examine the version.php file in the installation directory.

Verify Fix Applied:

Verify the version is 7.0.1 or higher and test that non-admin users cannot access administrative functions they shouldn't have permissions for.
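The following script, added here as an example and not part of the advisory or of OpenEMR itself, automates the version check described above. It parses the `$v_major`, `$v_minor` and `$v_patch` assignments that OpenEMR's version.php is assumed to contain (the variable names and the sample file contents below are assumptions for illustration) and compares the result against the fixed version 7.0.1.

```python
import re

# First fixed release per the advisory.
FIXED_VERSION = (7, 0, 1)

# Constructed sample of an OpenEMR version.php for a vulnerable install.
# The variable names are assumed to match the project's file; verify against
# your own installation before relying on this check.
SAMPLE_VERSION_PHP = """<?php
$v_major = '7';
$v_minor = '0';
$v_patch = '0';
$v_realpatch = '2';
$v_tag = '';
"""


def parse_version(php_source):
    """Return (major, minor, patch) parsed from version.php text."""
    parts = {}
    for name in ("v_major", "v_minor", "v_patch"):
        # Accept quoted or unquoted integer literals: $v_major = '7';
        match = re.search(rf"\${name}\s*=\s*['\"]?(\d+)['\"]?\s*;", php_source)
        if not match:
            raise ValueError(f"missing ${name} in version.php")
        parts[name] = int(match.group(1))
    return (parts["v_major"], parts["v_minor"], parts["v_patch"])


def is_vulnerable(version):
    """True when the parsed version predates the fixed release."""
    return tuple(version) < FIXED_VERSION


def check_file(path):
    """Read a version.php from disk and report whether it is vulnerable."""
    with open(path, encoding="utf-8") as handle:
        return is_vulnerable(parse_version(handle.read()))


if __name__ == "__main__":
    found = parse_version(SAMPLE_VERSION_PHP)
    state = "VULNERABLE" if is_vulnerable(found) else "patched"
    print("OpenEMR %d.%d.%d: %s" % (found + (state,)))
```

Point `check_file()` at the version.php in your installation directory; a True result means the install is below 7.0.1. A version check alone does not prove the authorization fix is in place on a hand-patched tree, so the functional test above (a non-admin account attempting administrative functions) is still worth running.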

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to administrative URLs by non-admin users
  • User privilege escalation events in application logs

Network Indicators:

  • Unusual patterns of requests to administrative endpoints from non-admin user accounts

SIEM Query:

source="openemr_logs" AND (url="*admin*" OR url="*manage*") AND user_role!="admin"
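For environments without a SIEM, the same logic as the query above can be run directly over exported logs. The script below is an added example, not from the advisory or the OpenEMR project; it assumes a key=value log format and sample request paths that are constructed for illustration. It goes slightly beyond the query by matching the URL case-insensitively and by counting hits per user so that repeated attempts stand out.

```python
import re
from collections import Counter

# Mirrors the SIEM query's url="*admin*" OR url="*manage*" wildcards.
ADMIN_PATTERNS = ("admin", "manage")

# Constructed sample log lines (format and paths are assumptions, not real
# OpenEMR output). Even denied requests (status=403) are kept, because the
# advisory treats access *attempts* by non-admin users as an indicator.
SAMPLE_LOGS = """\
ts=2023-05-29T10:01:02Z user=alice user_role=admin url=/interface/main/admin.php status=200
ts=2023-05-29T10:02:10Z user=bob user_role=clinician url=/interface/patient_file/summary.php status=200
ts=2023-05-29T10:03:44Z user=bob user_role=clinician url=/interface/usergroup/admin.php status=200
ts=2023-05-29T10:03:50Z user=bob user_role=clinician url=/interface/super/manage_site_files.php status=200
ts=2023-05-29T10:05:00Z user=carol user_role=front_office url=/interface/main/Manage.php status=403
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict of fields."""
    return dict(KV_RE.findall(line))


def is_suspicious(event):
    """Non-admin role reaching an admin/manage URL, as in the SIEM query."""
    url = event.get("url", "").lower()
    role = event.get("user_role", "")
    return role != "admin" and any(p in url for p in ADMIN_PATTERNS)


def find_suspicious(log_text):
    """Return every parsed event that matches the indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if is_suspicious(event):
            hits.append(event)
    return hits


def hits_per_user(log_text):
    """Count matching events per user to surface repeated attempts."""
    return Counter(event["user"] for event in find_suspicious(log_text))


if __name__ == "__main__":
    for user, count in hits_per_user(SAMPLE_LOGS).most_common():
        print(f"{user}: {count} admin-endpoint request(s) as non-admin")
```

On the constructed sample this flags bob twice and carol once while ignoring alice, whose role is admin. Feed it the actual exported log text and adjust `KV_RE` to your logging format; a user with several hits in a short window is the pattern the "Network Indicators" section above describes.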
