CVE-2021-44464

{"id": "CVE-2021-44464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2022-01-21T19:15:09.403", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software."}, {"lang": "es", "value": "Vigilant Software Suite (Mastermed Dashboard) versi\u00f3n 2.0.1.3, contiene credenciales de servicio que probablemente sean comunes en todas las instancias. Un atacante en posesi\u00f3n de la contrase\u00f1a puede alcanzar privilegios en todas las instalaciones de este software"}], "lastModified": "2022-01-28T15:40:46.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B4979F9-A7D5-4B5C-8FF2-C3C67773EE03", "versionEndIncluding": "d25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D1BBB63E-7E43-4BC1-A08F-4F1F811F839B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B072164-6AA2-4A14-B7D7-10B4B953004D", "versionEndIncluding": "3.3.0"}, {"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C47210A7-4753-4ED7-8E6B-9BE8EBFABC9F"}, {"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C91B931-F726-4AB2-B3A6-D92F774CF04D"}, {"criteria": "cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04AC7167-F5C8-46A2-B937-953E13D76A32"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45FA28DE-939F-4146-A6E2-CE8849C9CB16", "versionEndExcluding": "3.0"}, {"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D5FC3D0-9593-487B-B70A-F8BBCA8A18FF"}, {"criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:d15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E88F2E-C12B-4B50-B087-3247F4748AF3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fresenius-kabi:link\\+_agilia:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1548AA3F-659F-43C3-9261-C7FD55465877"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}