Use of Client-Side Authentication in Vigilant Software Suite - CVE-2021-43355

 

Use of Client-Side Authentication in Vigilant Software Suite - CVE-2021-43355

Published: January 4, 2022


Vulnerability identifier: #VU59172
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-43355
CWE-ID: CWE-603
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Fresenius Kabi
Affected software:
Vigilant Software Suite

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the Vigilant MasterMed application allows user input to be validated on the client side without authentication by the server. A remote attacker can circumvent the client-side control and login with service privileges.


How to mitigate CVE-2021-43355

Install updates from vendor's website.

Sources