GE Aestiva and Aespire Anesthesia are prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
The following versions of GE Aestiva and Aespire Anesthesia Machines are affected:
GE Aestiva and Aespire versions 7100
GE Aestiva and Aespire versions 7900
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 109102 |
| Class: | Access Validation Error |
| CVE: | CVE-2019-10966 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 09 2019 12:00AM |
| Updated: | Jul 09 2019 12:00AM |
| Credit: | Elad Luz of CyberMDX |
| Vulnerable: | GEHealthcare Aestiva 7900 GEHealthcare Aestiva 7100 GEHealthcare Aespire 7900 GEHealthcare Aespire 7100 |
| Not Vulnerable: | |
References:
from SecurityFocus Vulnerabilities https://ift.tt/2NUoHQu
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.