6.1
CVE-2020-12024
- EPSS 0.07%
- Veröffentlicht 29.06.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:08
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginBaxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Baxter ≫ Em2400 Firmware Version1.10
Baxter ≫ Em2400 Firmware Version1.11
Baxter ≫ Em2400 Firmware Version1.13
Baxter ≫ Em2400 Firmware Version1.14
Baxter ≫ Em1200 Firmware Version1.1
Baxter ≫ Em1200 Firmware Version1.2
Baxter ≫ Em1200 Firmware Version1.4
Baxter ≫ Em1200 Firmware Version1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.176 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 0.9 | 5.2 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.