Lucene search

BaxterCVELIST:CVE-2024-5176

HistoryMay 31, 2024 - 5:26 p.m.

CVE-2024-5176 Vulnerability in Welch Allyn Configuration Tool Software

2024-05-3117:26:05

CWE-522

Baxter

www.cve.org

cve-2024-5176

vulnerability

welch allyn configuration tool

insufficiently protected credentials

remote services

stolen credentials

baxter

software

version 1.9.4.1

9.4 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

PASSIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Welch Allyn Configuration Tool",
    "vendor": "Baxter",
    "versions": [
      {
        "lessThanOrEqual": "1.9.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cisa.gov/news-events/ics-medical-advisories/icsma-24-151-01