CVE-2024-9832
No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Baxter · Life2000 Ventilation SystemWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →