CVE-2024-9832
No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Baxter · Life2000 Ventilation SystemQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →