PT-2018-14519 · Roche · CoaguChek Pro II +4
Published: 2018-11-20 · Updated: 2018-12-28 · CVE-2018-18565
CVSS v3.1: 6.8 (Medium)
| Vector | AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Roche Accu-Chek Inform II Instrument versions before 03.06.00
Roche Accu-Chek Inform II Instrument versions 04.x before 04.03.00
CoaguChek Pro II versions before 04.03.00
CoaguChek XS Plus versions before 03.01.06
CoaguChek XS Pro versions before 03.01.06
cobas h 232 versions before 03.01.03
cobas h 232 versions 04.x before 04.00.04
Description
A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.
Recommendations
For Roche Accu-Chek Inform II Instrument versions before 03.06.00, update to version 03.06.00 or later.
For Roche Accu-Chek Inform II Instrument versions 04.x before 04.03.00, update to version 04.03.00 or later.
For CoaguChek Pro II versions before 04.03.00, update to version 04.03.00 or later.
For CoaguChek XS Plus versions before 03.01.06, update to version 03.01.06 or later.
For CoaguChek XS Pro versions before 03.01.06, update to version 03.01.06 or later.
For cobas h 232 versions before 03.01.03, update to version 03.01.03 or later.
For cobas h 232 versions 04.x before 04.00.04, update to version 04.00.04 or later.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
CoaguChek Pro II
CoaguChek XS Plus
CoaguChek XS Pro
Roche Accu-Chek Inform II Instrument
cobas h 232