Lucene search

[email protected]NVD:CVE-2021-23207

HistoryJan 21, 2022 - 7:15 p.m.

CVE-2021-23207

2022-01-2119:15:08

CWE-256

CWE-522

[email protected]

web.nvd.nist.gov

security breach

jwt tokens

impersonation

rabbitmq manipulation

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

10.4%

JSON

An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.

Affected configurations

Nvd

Node

fresenius-kabiagilia_connectRange≤d25

AND

fresenius-kabiagilia_connectMatch-

Node

fresenius-kabiagilia_partner_maintenance_softwareRange≤3.3.0

fresenius-kabivigilant_centeriumMatch1.0

fresenius-kabivigilant_insightMatch1.0

fresenius-kabivigilant_mastermedMatch1.0

Node

fresenius-kabilink\+_agilia_firmwareRange<3.0

fresenius-kabilink\+_agilia_firmwareMatch3.0-

fresenius-kabilink\+_agilia_firmwareMatch3.0d15

AND

fresenius-kabilink\+_agiliaMatch-

VendorProductVersionCPE
fresenius-kabiagilia_connect*cpe:2.3:o:fresenius-kabi:agilia_connect:*:*:*:*:*:*:*:*
fresenius-kabiagilia_connect-cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:*
fresenius-kabiagilia_partner_maintenance_software*cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:*
fresenius-kabivigilant_centerium1.0cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:*
fresenius-kabivigilant_insight1.0cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:*
fresenius-kabivigilant_mastermed1.0cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:*
fresenius-kabilink\+_agilia_firmware*cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:*:*:*:*:*:*:*:*
fresenius-kabilink\+_agilia_firmware3.0cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-:*:*:*:*:*:*
fresenius-kabilink\+_agilia_firmware3.0cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15:*:*:*:*:*:*
fresenius-kabilink\+_agilia-cpe:2.3:h:fresenius-kabi:link\+_agilia:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fresenius-kabi	agilia_connect	*	cpe:2.3:o:fresenius-kabi:agilia_connect::::::::
fresenius-kabi	agilia_connect	-	cpe:2.3:h:fresenius-kabi:agilia_connect:-:::::::*
fresenius-kabi	agilia_partner_maintenance_software	*	cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software::::::::
fresenius-kabi	vigilant_centerium	1.0	cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:::::::*
fresenius-kabi	vigilant_insight	1.0	cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:::::::*
fresenius-kabi	vigilant_mastermed	1.0	cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:::::::*
fresenius-kabi	link\+_agilia_firmware	*	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware::::::::
fresenius-kabi	link\+_agilia_firmware	3.0	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:-::::::
fresenius-kabi	link\+_agilia_firmware	3.0	cpe:2.3:o:fresenius-kabi:link\+_agilia_firmware:3.0:d15::::::
fresenius-kabi	link\+_agilia	-	cpe:2.3:h:fresenius-kabi:link\+_agilia:-:::::::*

References

www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

10.4%

JSON

Related for NVD:CVE-2021-23207

cnvd1 cvelist1 prion1 cve1 ics1