PT-2022-9376 · Fresenius Kabi · Fresenius Kabi Vigilant Mastermed

Author: Dr. Oliver Matula (+3)

Published: 2022-01-21 · Updated: 2022-08-30 · CVE-2021-23207

CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Fresenius Kabi Vigilant MasterMed version 2.0.1.3

Description: An attacker with physical access to the host can extract secrets from the registry and use them to create valid JWT tokens for the application, allowing them to impersonate arbitrary users. By impersonating users, the attacker could also manipulate RabbitMQ queues and messages.

Recommendations: For Fresenius Kabi Vigilant MasterMed version 2.0.1.3, restrict physical access to the host to minimize the risk of exploitation. As a temporary workaround, restrict access to the registry and limit the ability to create JWT tokens. Additionally, monitor RabbitMQ queues and messages for suspicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Insufficiently Protected Credentials

Related Identifiers: CVE-2021-23207

Affected Products: Fresenius Kabi Vigilant Mastermed