CVE-2024-9832
CVSS V2 None
CVSS V3 None
Description
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
Overview
- CVE ID
- CVE-2024-9832
- Assigner
- Baxter
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T21:03:16.721Z
- Last Modified Date
- 2024-11-14T21:47:11.069Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-9832 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9832 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-15 13:36:57 | Added to TrackCVE |