- Description
- The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
- Source
- productsecurity@baxter.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- productsecurity@baxter.com
- CWE-798
- Hype score
- Not currently trending
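Multiple critical vulnerabilities in the Baxter Life2000 ventilator. There is no limit on authentication attempts, so brute forcing is possible (CVE-2024-9832); the clinician password is hard-coded (CVE-2024-48971); the verification and adjustment functions have no authentication (CVE-2024-48966); and others. A fix is planned for Q2 2025. Respond with physical countermeasures and monitoring. https://t.co/YBYXMx4zk7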
@__kokumoto
19 Nov 2024
CVE-2024-48971 The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password … https://t.co/RkKjsN9Rnk
@CVEnew
14 Nov 2024