CVE-2021-43935

{"id": "CVE-2021-43935", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-12-15T19:15:15.873", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."}, {"lang": "es", "value": "Los productos afectados, cuando est\u00e1n configurados para usar SSO, est\u00e1n afectados por una vulnerabilidad de autenticaci\u00f3n inapropiada. Esta vulnerabilidad permite que la aplicaci\u00f3n acepte la entrada manual de cualquier cuenta del directorio activo (AD) provista en la aplicaci\u00f3n sin suministrar una contrase\u00f1a, resultando en el acceso a la aplicaci\u00f3n como la cuenta AD suministrada, con todos los privilegios asociados"}], "lastModified": "2024-11-21T06:30:01.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:baxter:welch_allyn_connex_cardio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9DAE7F6-E2AF-4DF4-AEB0-A62B2A343193", "versionEndIncluding": "1.1.1", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D76DAA-4799-4DCD-B7F2-46D17A03A614"}, {"criteria": "cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98FC1911-F92B-4D4A-ABDE-882807F8EF16", "versionEndIncluding": "7.0.0", "versionStartIncluding": "5.01"}, {"criteria": "cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AC5DF38-0E45-496E-BBC5-C46D8B77AF16", "versionEndIncluding": "6.4.0", "versionStartIncluding": "6.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED9D8D71-FA01-4E29-A27A-78B7933F96C0", "versionEndIncluding": "6.4.0", "versionStartIncluding": "5.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC5C925E-8AD6-432A-800B-12DC33FCAA67"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AA1AF5C-68D3-4D79-A9F0-2E392BE0FB37", "versionEndIncluding": "6.3.1", "versionStartIncluding": "6.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D183E89E-3219-4979-AADF-345A3A6CB815"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6AF883C-C044-451A-914C-7CA5113670C4", "versionEndIncluding": "6.3.1", "versionStartIncluding": "5.01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34255579-A781-4C23-B78A-E20EA6483330"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}