Lucene search

BDCVELIST:CVE-2023-30565

HistoryJul 13, 2023 - 7:06 p.m.

CVE-2023-30565 CQI Data Sniffing

2023-07-1319:06:18

CWE-319

CWE-924

www.cve.org

cve-2023-30565

cqi data sniffing

systems manager

cqi reporter application

infusion data

attacker

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

Percentile

9.0%

JSON

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CQI Reporter",
    "vendor": "Becton Dickinson & Co",
    "versions": [
      {
        "lessThanOrEqual": "10.17",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx

CVSS3

3.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-30565