PT-2022-17824 · Baxter · Baxter Spectrum Wbm
Deral Heiland · Published 2022-09-09 · Updated 2022-09-15 · CVE-2022-26392
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Baxter Spectrum WBM versions v16 through v17
Baxter Spectrum WBM versions v20D29 through v20D32
Description
The issue allows for format string attacks via application messaging when in superuser mode, potentially enabling an attacker to read memory and access sensitive information.
Recommendations
For Baxter Spectrum WBM versions v16 through v17, restrict access to superuser mode to minimize the risk of exploitation.
For Baxter Spectrum WBM versions v20D29 through v20D32, consider disabling application messaging until a fix is available.
Fix
Use of Externally-Controlled Format String
Weakness Enumeration
Related Identifiers
Affected Products
Baxter Spectrum Wbm