SB2020061921 - Multiple vulnerabilities in Baxter ExactaMix



Published: June 19, 2020

Security Bulletin ID: SB2020061921
Severity: High
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 33%, Medium: 67%

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Cleartext transmission of sensitive information (CVE-ID: CVE-2020-12008)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker can gain access to sensitive data, including PHI.


2) Missing Encryption of Sensitive Data (CVE-ID: CVE-2020-12032)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the affected software stores device data with sensitive information in an unencrypted database. A remote attacker can view or modify sensitive data, including PHI.


3) Improper input validation (CVE-ID: CVE-2017-0143)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when parsing requests in the Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install the update from the vendor's website.