CVE-2024-48971

{"id": "CVE-2024-48971", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productsecurity@baxter.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}]}, "published": "2024-11-14T22:15:18.327", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01", "source": "productsecurity@baxter.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productsecurity@baxter.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges."}, {"lang": "es", "value": "La contrase\u00f1a del m\u00e9dico y el n\u00famero de serie est\u00e1n codificados en el respirador en formato de texto simple. Esto podr\u00eda permitir que un atacante obtenga la contrase\u00f1a del respirador y la use para obtener acceso no autorizado al dispositivo con privilegios de m\u00e9dico."}], "lastModified": "2024-11-15T13:58:08.913", "sourceIdentifier": "productsecurity@baxter.com"}