CVE-2024-50588 Vulnerability Details

  /     /     /  

CVE-2024-50588 Metadata Quick Info

CVE Published: 08/11/2024 | CVE Updated: 08/11/2024 | CVE Year: 2024
Source: SEC-VLab | Vendor: HASOMED | Product: Elefant
Status : PUBLISHED

CVE-2024-50588 Description

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1393
CWE Name: CWE-1393 Use of Default Password
Source: HASOMED

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-70
CAPEC Description: CAPEC-70 Try Common or Default Usernames and Passwords


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-50588 Vulnerability Details