CVE-2024-48971

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Nov 14, 2024

Updated: Nov 15, 2024

CWE ID 798

Summary

CVE-2024-48971 is a newly disclosed vulnerability affecting certain medical ventilators. The issue arises due to the hard-coding of the Clinician Password and Serial Number in plaintext form within the device. An attacker who gains physical access to the ventilator can easily extract this information, enabling them to log in with clinician privileges and potentially manipulate its settings or gain unauthorized access to connected networks. This vulnerability poses significant risks to patient safety and confidentiality.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Baxter International Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/zYfeH6
https://www.cve.org/CVERecord?id=CVE-2024-48971
https://nvd.nist.gov/vuln/detail/CVE-2024-48971

Back to Vulnerability Database

CVE-2024-48971

CVSS 3.1 Score 9.3 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations