← Back

CVE-2021-23207

nvd nist
Published: Jan 21, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

Affected (8)

Fresenius Kabi
6 products
Agilia Connect
Agilia Partner Maintenance Software
Vigilant Centerium
Vigilant Insight
Vigilant Mastermed
Link+ Agilia Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Agilia Connect
Up to d25
Running on/withPlatform Versions
Fresenius Kabi
Agilia Connect
All versions
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Agilia Partner Maintenance Software
Up to 3.3.0
Vigilant Centerium
Version 1.0
Vigilant Insight
Version 1.0
Vigilant Mastermed
Version 1.0
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fresenius Kabi
Link+ Agilia Firmware
Before 3.0
Link+ Agilia Firmware
Version 3.0
Link+ Agilia Firmware
Version 3.0 d15
Running on/withPlatform Versions
Fresenius Kabi
Link+ Agilia
All versions

Related CWEs

CWE-256
Plaintext Storage of a Password
Storing a password in plaintext may result in a system compromise.
CWE-522
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.