Information disclosure in T1 Ventilator - CVE-2020-27290
Published: February 17, 2021
Vulnerability identifier: #VU50741
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-27290
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
T1 Ventilator
T1 Ventilator
Software vendor:
Hamilton Medical
Hamilton Medical
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. An authenticated attacker with physical access can gain unauthorized access to sensitive information on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.