PT-2022-10293 · Fresenius Kabi · Fresenius Kabi Vigilant Software Suite

Published: 2022-01-21 · Updated: 2022-01-28 · CVE-2021-33846

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3

Description: The issue allows an attacker in possession of a symmetric encryption key to issue valid JWTs and impersonate arbitrary users, as the authentication tokens issued to authenticated users are signed with this key.

Recommendations: For Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3, consider restricting access to sensitive areas of the system until a patch is available, and ensure that all symmetric encryption keys are securely stored and protected from unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2021-33846

Affected Products

Fresenius Kabi Vigilant Software Suite