CVE-2024-48973
Debug port on Life2000 Ventilator serial interface is enabled by default
In short
A ventilator device leaves a debug port enabled by default on its serial interface, allowing anyone with physical access to send unencrypted commands that can read sensitive information or change critical device settings.
Technical detail
The Life2000 Ventilator exposes an unauthenticated debug serial port without encryption, enabling local attackers to send arbitrary messages that lead to information disclosure and unauthorized modification of device configuration and operational parameters. Exploitation requires physical or logical access to the serial interface.
Summary generated and translated by AI from the official description.
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Baxter · Life2000 Ventilation System