CVE-2021-43935 Vulnerability Details


CVE-2021-43935 Metadata Quick Info

CVE Published: 15/12/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: icscert | Vendor: Hillrom | Product: Welch Allyn Q-Stress Cardiac Stress Testing System
Status: PUBLISHED

CVE-2021-43935 Description

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any Active Directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

Metrics

CVSS Version: 3.1 | Base Score: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

➤ Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-288
CWE Name: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Source: Hillrom

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).