CVE-2021-23207
Severity CVSS v4.0:
Pending analysis
Type:
CWE-522
Insufficiently Protected Credentials
Publication date:
21/01/2022
Last modified:
30/08/2022
Description
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fresenius-kabi:agilia_connect:*:*:*:*:*:*:*:* | d25 (including) | |
| cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:* | 3.3.0 (including) | |
| cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:*:*:*:*:*:*:*:* | 3.0 (excluding) | |
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15:*:*:*:*:*:* | ||
| cpe:2.3:h:fresenius-kabi:link\+_agilia:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page