#VU59172 Use of Client-Side Authentication in Vigilant Software Suite - CVE-2021-43355

 


Published: January 4, 2022


Vulnerability identifier: #VU59172
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-43355
CWE-ID: CWE-603
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Vigilant Software Suite
Software vendor: Fresenius Kabi

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the Vigilant MasterMed application allows user input to be validated on the client side without authentication by the server. A remote attacker can circumvent the client-side control and log in with service privileges.


Remediation

Install updates from the vendor's website.
