CVE Published: 14/11/2024 |
CVE Updated: 15/11/2024 |
CVE Year: 2024 Source: Baxter |
Vendor: Baxter |
Product: Life2000 Ventilation System Status : PUBLISHED
CVE-2024-48971 Description
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
Metrics
CVSS Version: 3.1 |
Base Score: 9.3 CRITICAL Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H