PT-2024-34342 · Unknown · Elefant Firebird

Daniel Hirschberger +2 · Published 2024-11-08 · Updated 2024-11-13 · CVE-2024-50588

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Elefant Firebird database versions prior to 24.03.03
Description: An unauthenticated attacker with access to the local network of a medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. This access allows the attacker to view sensitive data, including patient data and login credentials. Additionally, the attacker can create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").
Recommendations: For versions prior to 24.03.03, upgrade the affected component immediately to mitigate the risk of unauthorized access. As a temporary workaround, consider changing the default login credentials to prevent unauthorized access to the Elefant Firebird database. Restrict access to the database to minimize the risk of exploitation.

Related Identifiers: CVE-2024-50588

Affected Products: Elefant Firebird