PT-2018-5448 · Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump

Publicado

2018-02-15

Atualizado

2019-10-03

CVE-2017-12720

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump versions 1.1, 1.5, and 1.6

Description: An issue with improper access control was found. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

Recommendations: For version 1.1, consider disabling FTP connections until a fix is available. For version 1.5, restrict access to the FTP server to minimize the risk of exploitation. For version 1.6, avoid using the FTP server until the issue is resolved.

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2017-12720

Produtos afetados

Medfusion 4000 Wireless Syringe Infusion Pump

PT-2018-5448 · Smiths Medical · Medfusion 4000 Wireless Syringe Infusion Pump

CVE-2017-12720

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4