Use of Client-Side Authentication in Vigilant Software Suite - CVE-2021-43355
Published: January 4, 2022
Vulnerability identifier: #VU59172
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-43355
CWE-ID: CWE-603
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fresenius Kabi
Affected software:
Vigilant Software Suite
Vigilant Software Suite
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the Vigilant MasterMed application allows user input to be validated on the client side without authentication by the server. A remote attacker can circumvent the client-side control and login with service privileges.
How to mitigate CVE-2021-43355
Install updates from vendor's website.