- Description
- There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
- Source
- productsecurity@baxter.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- productsecurity@baxter.com
- CWE-307
- Hype score
- Not currently trending
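Multiple critical vulnerabilities in the Baxter Life2000 ventilator. There is no limit on authentication attempts, so brute-forcing is possible (CVE-2024-9832); the clinician password is hard-coded (CVE-2024-48971); the verification and calibration functions have no authentication (CVE-2024-48966); and others. Fixes are planned for Q2 2025. Respond with physical countermeasures and monitoring. https://t.co/YBYXMx4zk7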
@__kokumoto
19 Nov 2024
CVE-2024-9832 Unlimited Brute-Force Attack Risk in Ventilator Login System There is no restriction on how many times someone can try the wrong login with the Clinician Password or Serial Number Clinician Password... https://t.co/oTSB3Qn6aa
@VulmonFeeds
15 Nov 2024
CVE-2024-9832 There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brut… https://t.co/S4P3uVOQ9l
@CVEnew
14 Nov 2024