CVE-2024-48967 Vulnerability Details

  /     /     /  

CVE-2024-48967 Metadata Quick Info

CVE Published: 14/11/2024 | CVE Updated: 15/11/2024 | CVE Year: 2024
Source: Baxter | Vendor: Baxter | Product: Life2000 Ventilation System
Status : PUBLISHED

CVE-2024-48967 Description

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-778
CWE Name: CWE-778: Insufficient Logging
Source: Baxter

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-117
CAPEC Description: CAPEC-117 Interception