PT-2020-13008 · Baxter · Baxter Spectrum Wbm
Published 2020-06-29 · Updated 2022-03-03 · CVE-2020-12041
CVSS v3.1: 9.4 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Baxter Spectrum WBM versions v17, v20D29, v20D30, v20D31, and v22D24
Description
The telnet Command-Line Interface of the Baxter Spectrum WBM grants access to sensitive data stored on the WBM. It permits temporary configuration changes to network settings of the WBM and allows the WBM to be rebooted. These temporary configuration changes to network settings are removed upon reboot.
Recommendations
For versions v17, v20D29, v20D30, v20D31, and v22D24, consider restricting access to the telnet Command-Line Interface to minimize the risk of exploitation.
As a temporary workaround, consider disabling the telnet Command-Line Interface until a patch is available.
Restrict configuration changes to network settings to authorized personnel only.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Baxter Spectrum Wbm