CVE-2024-48970

Published Nov 14, 2024

Last updated 2 days ago

CVSS critical 9.3

Overview

Description
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
Source
productsecurity@baxter.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

productsecurity@baxter.com
CWE-1191

Social media

Hype score
Not currently trending

  1. CVE-2024-48970 The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-… https://t.co/tjV5ZcAPST

    @CVEnew

    14 Nov 2024

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References