CVE-2022-26389

{"id": "CVE-2022-26389", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productsecurity@baxter.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.8}]}, "published": "2025-02-07T17:15:22.130", "references": [{"url": "https://hillrom.com/en/responsible-disclosures/", "source": "productsecurity@baxter.com"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-167-01", "source": "productsecurity@baxter.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "productsecurity@baxter.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An improper access control vulnerability may allow privilege escalation.This issue affects:\u00a0\n\n * ELI 380 Resting Electrocardiograph:\n\nVersions 2.6.0 and prior;\u00a0\n * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior;\u00a0\n * ELI 250c/BUR 250c Resting Electrocardiograph:\u00a0Versions 2.1.2 and prior;\u00a0\n * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior."}], "lastModified": "2025-02-07T17:15:22.130", "sourceIdentifier": "productsecurity@baxter.com"}