- Description
- The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
- Source
- productsecurity@baxter.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- productsecurity@baxter.com
- CWE-306
- Hype score
- Not currently trending
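Multiple critical vulnerabilities in the Baxter Life2000 ventilator. No limit on authentication attempts, allowing brute force (CVE-2024-9832); hard-coded clinician password (CVE-2024-48971); no authentication on the test and calibration functions (CVE-2024-48966); and others. Fixes are scheduled for Q2 2025. Respond with physical countermeasures and monitoring. https://t.co/YBYXMx4zk7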
@__kokumoto
19 Nov 2024
CVE-2024-48966 Ventilator Tool Access Flaw No Authentication, High Risk... https://t.co/YOFv7Dmqbh Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
15 Nov 2024
CVE-2024-48966 The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where th… https://t.co/PDRu0HFprb
@CVEnew
14 Nov 2024