CVE-2024-48971

Published Nov 14, 2024

Last updated 2 days ago

CVSS critical 9.3

Overview

Description
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
Source
productsecurity@baxter.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

productsecurity@baxter.com
CWE-798

Social media

Hype score
Not currently trending

  1. CVE-2024-48971 The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password … https://t.co/RkKjsN9Rnk

    @CVEnew

    14 Nov 2024

    207 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

References