5.3
CVE-2021-23195
- EPSS 0.85%
- Veröffentlicht 21.01.2022 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:21
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginFresenius Kabi Agilia Connect Infusion System exposure of information through directory listing
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fresenius-kabi ≫ Agilia Connect Firmware Version <= d25
Fresenius-kabi ≫ Agilia Partner Maintenance Software Version <= 3.3.0
Fresenius-kabi ≫ Vigilant Centerium Version1.0
Fresenius-kabi ≫ Vigilant Insight Version1.0
Fresenius-kabi ≫ Vigilant Mastermed Version1.0
Fresenius-kabi ≫ Link+ Agilia Firmware Version < 3.0
Fresenius-kabi ≫ Link+ Agilia Firmware Version3.0 Update-
Fresenius-kabi ≫ Link+ Agilia Firmware Version3.0 Updated15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.532 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-548 Exposure of Information Through Directory Listing
A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01