The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
History

Mon, 18 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Baxter
Baxter life2000 Ventilator Firmware
CPEs cpe:2.3:o:baxter:life2000_ventilator_firmware:*:*:*:*:*:*:*:*
Vendors & Products Baxter
Baxter life2000 Ventilator Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 21:45:00 +0000

Type Values Removed Values Added
Description The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
Title Debug port on Life2000 Ventilator serial interface is enabled by default
Weaknesses CWE-1263
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Baxter

Published: 2024-11-14T21:24:14.099Z

Updated: 2024-11-18T15:33:44.924Z

Reserved: 2024-10-10T19:24:41.495Z

Link: CVE-2024-48973

cve-icon Vulnrichment

Updated: 2024-11-18T15:33:39.812Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T22:15:18.510

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-48973

cve-icon Redhat

No data.