Overview
- Description: There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
- Source: productsecurity@baxter.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 9.3
- Impact score: 6
- Exploitability score: 2.5
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- productsecurity@baxter.com: CWE-307
Social media
- Hype score: Not currently trending
CVE-2024-9832 Unlimited Brute-Force Attack Risk in Ventilator Login System There is no restriction on how many times someone can try the wrong login with the Clinician Password or Serial Number Clinician Password... https://t.co/oTSB3Qn6aa
@VulmonFeeds
15 Nov 2024
CVE-2024-9832 There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brut… https://t.co/S4P3uVOQ9l
@CVEnew
14 Nov 2024