An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2022-01-21T18:17:39
Updated: 2024-08-03T19:05:54.432Z
Reserved: 2021-11-30T00:00:00
Link: CVE-2021-23207
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-01-21T19:15:08.063
Modified: 2024-11-21T05:51:22.630
Link: CVE-2021-23207
Redhat
No data.