CVE-2024-48967

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-48967

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

T

he ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.

References
Link Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01
Configurations

No configuration.

History

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) El respirador y la PC de servicio carecen de capacidades de registro de auditoría suficientes para permitir la detección de actividad maliciosa y el posterior examen forense. Un atacante con acceso al respirador o a la PC de servicio podría, sin ser detectado, realizar cambios no autorizados en la configuración del respirador que resulten en la divulgación no autorizada de información o tengan impactos no deseados en el rendimiento del dispositivo.

14 Nov 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-14 22:15

Updated : 2024-11-15 13:58

NVD link : CVE-2024-48967

Mitre link : CVE-2024-48967

CVE.ORG link : CVE-2024-48967

JSON object : View

Products Affected

No product.

CWE
CWE-778

Insufficient Logging