PT-2020-12988 · Baxter · Baxter Exactamix Em1200+1
Published 2020-06-29 · Updated 2020-07-08
CVE-2020-12020
CVSS v3.1: 6.1 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Baxter ExactaMix EM 2400 versions 1.10 through 1.13
Baxter ExactaMix EM1200 versions 1.1 through 1.4
Description
The issue allows non-administrative users to gain access to the operating system and edit the application startup script. Successful exploitation may enable an attacker to alter the startup script as a limited-access user.
Recommendations
For Baxter ExactaMix EM 2400 versions 1.10 through 1.13, restrict non-administrative user access to the operating system and application startup script.
For Baxter ExactaMix EM1200 versions 1.1 through 1.4, restrict non-administrative user access to the operating system and application startup script.
As a temporary workaround, consider restricting access to the operating system for non-administrative users until a patch is available.
Fix
Weakness Enumeration
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Baxter Exactamix Em 2400
Baxter Exactamix Em1200