Overview
- Description
- The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
- Source
- productsecurity@baxter.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- productsecurity@baxter.com
- CWE-306
Social media
- Hype score
- Not currently trending
CVE-2024-48966 Ventilator Tool Access Flaw No Authentication, High Risk... https://t.co/YOFv7Dmqbh Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
15 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-48966 The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where th… https://t.co/PDRu0HFprb
@CVEnew
14 Nov 2024
202 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes