#VU59163 Unprotected storage of credentials in Vigilant Software Suite - CVE-2021-23207
Published: January 4, 2022
Vigilant Software Suite
Fresenius Kabi
Description
The vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A local user can extract the secrets from the registry, create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed application, and impersonate arbitrary users.