CVE-2024-13026

Severity CVSS v4.0:

MEDIUM

Type:

CWE-326 Inadequate Encryption Strength

Publication date:

17/01/2025

Last modified:

17/01/2025

Description

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear CVSS v4.0 Severity and Metrics:

Base Score: 6.10 MEDIUM
Vector: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear

Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Safety (S): Negligible
Automatable (AU): No
Recovery (R): Automatic
Value Density (V): Diffuse
Vulnerability Response Effort (RE): Low
Provider Urgency (U): Clear

Base Score 4.0

6.10

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf