CVE-2024-50588
CVSS V2 None
CVSS V3 None
Description
An unauthenticated attacker with access to the local network of the
medical office can use known default credentials to gain remote DBA
access to the Elefant Firebird database. The data in the database
includes patient data and login credentials among other sensitive data.
In addition, this enables an attacker to create and overwrite arbitrary
files on the server filesystem with the rights of the Firebird database
("NT AUTHORITY\SYSTEM").
Overview
- CVE ID
- CVE-2024-50588
- Assigner
- SEC-VLab
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-08T08:37:03.702Z
- Last Modified Date
- 2024-11-08T15:24:00.749Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://r.sec-consult.com/hasomed | third-party-advisory |
| https://hasomed.de/produkte/elefant/ | patch |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-50588 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50588 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-09 13:27:47 | Added to TrackCVE |