Lucene search

[email protected]CVE-2021-23233

HistoryJan 21, 2022 - 7:15 p.m.

CVE-2021-23233

2022-01-2119:15:08

CWE-798

CWE-284

[email protected]

web.nvd.nist.gov

cve-2021-23233

fresenius kabi agilia link+

security

vulnerability

authentication bypass

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

Affected configurations

NVD

Node

fresenius-kabiagilia_partner_maintenance_softwareRange≤3.3.0

fresenius-kabivigilant_centeriumMatch1.0

fresenius-kabivigilant_insightMatch1.0

fresenius-kabivigilant_mastermedMatch1.0

Node

fresenius-kabiagilia_connectMatch-

AND

fresenius-kabiagilia_connect_firmwareRange≤d25

Node

fresenius-kabilink\+_agiliaMatch-

AND

fresenius-kabilink\+_agilia_firmwareRange<3.0

fresenius-kabilink\+_agilia_firmwareMatch3.0-

fresenius-kabilink\+_agilia_firmwareMatch3.0d15

CPENameOperatorVersion
fresenius-kabi:agilia_partner_maintenance_softwarefresenius-kabi agilia partner maintenance softwarele3.3.0
fresenius-kabi:vigilant_centeriumfresenius-kabi vigilant centeriumeq1.0
fresenius-kabi:vigilant_insightfresenius-kabi vigilant insighteq1.0
fresenius-kabi:vigilant_mastermedfresenius-kabi vigilant mastermedeq1.0

CPE	Name	Operator	Version
fresenius-kabi:agilia_partner_maintenance_software	fresenius-kabi agilia partner maintenance software	le	3.3.0
fresenius-kabi:vigilant_centerium	fresenius-kabi vigilant centerium	eq	1.0
fresenius-kabi:vigilant_insight	fresenius-kabi vigilant insight	eq	1.0
fresenius-kabi:vigilant_mastermed	fresenius-kabi vigilant mastermed	eq	1.0

CNA Affected

[
  {
    "product": "Agilia Link+",
    "vendor": "Fresenius Kabi",
    "versions": [
      {
        "lessThan": "3.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2021-23233

nvd1 cnvd1 cvelist1 prion1 ics1