Lucene search

PRIOn knowledge basePRION:CVE-2023-47800

HistoryNov 10, 2023 - 7:15 a.m.

Default credentials

2023-11-1007:15:00

PRIOn knowledge base

www.prio-n.com

default password

microsoft sql server

remote code execution

data exfiltration

threat actor

tampering

data destruction

mssql services

natus neuroworks

sleepworks

nefarious actions

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.

CPENameOperatorVersion
neuroworks_eeglt8.4
neuroworks_eegeq8.4
sleepworkslt8.4
sleepworkseq8.4

Name	Operator	Version
neuroworks_eeg	lt	8.4
neuroworks_eeg	eq	8.4
sleepworks	lt	8.4
sleepworks	eq	8.4

References

partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf

www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt