CVE-2021-43935
ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.1EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 dic 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Hillrom · Welch Allyn Connex CardioHillrom · Welch Allyn Diagnostic Cardiology SuiteHillrom · Welch Allyn H-Scribe Holter Analysis SystemHillrom · Welch Allyn Q-Stress Cardiac Stress Testing SystemHillrom · Welch Allyn R-Scribe Resting ECG SystemHillrom · Welch Allyn Vision ExpressHillrom · Welch Allyn X-Scribe Cardiac Stress Testing System¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →