PT-2020-12992 · Baxter · Baxter Exactamix Em1200+1

Published: 2020-06-29 · Updated: 2021-11-04

CVE-2020-12024

CVSS v3.1: 6.1 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14
Baxter ExactaMix EM1200 versions 1.1, 1.2, 1.4, 1.5

Description

The vulnerability allows an attacker with physical access to the system to load an unauthorized payload or gain unauthorized access to the hard drive by booting a live USB OS, due to the lack of restriction on access to the USB interface. This could impact the confidentiality and integrity of the system and risk exposure of sensitive information, including Protected Health Information (PHI).

Recommendations

For Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14, restrict physical access to the system to prevent exploitation.
For Baxter ExactaMix EM1200 versions 1.1, 1.2, 1.4, 1.5, restrict physical access to the system to prevent exploitation.
As a temporary workaround, consider disabling the USB interface until a patch is available.
Restrict access to sensitive information, including PHI, to minimize the risk of exposure.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2020-12024

Affected Products

Baxter Exactamix Em 2400
Baxter Exactamix Em1200