CVE-2024-50588
Unprotected Exposed Firebird Database with default credentials
In short
A medical office database (Firebird) uses default passwords that anyone on the local network can guess, allowing attackers to access patient records and login credentials. The attacker can also create or modify files on the server with system-level privileges.
Technical detail
Firebird database exposed on the network with unchanged default credentials (CWE-1393), permitting unauthenticated remote DBA access from local network attackers. The vulnerability enables unauthorized data exfiltration of patient information and credentials, and arbitrary file write/modification on the server filesystem with NT AUTHORITY\SYSTEM privileges (CWE-419), facilitating privilege escalation and lateral movement.
Summary generated and translated by AI from the official description.
An unauthenticated attacker with access to the local network of the
medical office can use known default credentials to gain remote DBA
access to the Elefant Firebird database. The data in the database
includes patient data and login credentials among other sensitive data.
In addition, this enables an attacker to create and overwrite arbitrary
files on the server filesystem with the rights of the Firebird database
("NT AUTHORITY\SYSTEM").
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
HASOMED · ElefantWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →