CVE-2024-48966

{"id": "CVE-2024-48966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productsecurity@baxter.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2024-11-14T22:15:17.727", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01", "source": "productsecurity@baxter.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productsecurity@baxter.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance."}, {"lang": "es", "value": "Las herramientas de software que utiliza el personal de servicio para probar y calibrar el respirador no admiten la autenticaci\u00f3n de usuarios. Un atacante con acceso a la PC de servicio donde est\u00e1n instaladas las herramientas podr\u00eda obtener informaci\u00f3n de diagn\u00f3stico a trav\u00e9s de la herramienta de prueba o manipular la configuraci\u00f3n del respirador y el software integrado a trav\u00e9s de la herramienta de calibraci\u00f3n, sin tener que autenticarse en ninguna de las herramientas. Esto podr\u00eda dar lugar a una divulgaci\u00f3n no autorizada de informaci\u00f3n o tener efectos no deseados en la configuraci\u00f3n y el rendimiento del dispositivo."}], "lastModified": "2024-11-15T13:58:08.913", "sourceIdentifier": "productsecurity@baxter.com"}