PT-2024-34890 · Welch Allyn · Welch Allyn Configuration Tool

Published

2024-05-31

Updated

2024-06-05

CVE-2024-5176

CVSS v4.0

9.4

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Welch Allyn Configuration Tool versions 1.9.4.1 and prior

Description The issue is related to insufficiently protected credentials, which may allow remote services to be accessed with stolen credentials.

Recommendations For versions 1.9.4.1 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2024-5176

Affected Products

Welch Allyn Configuration Tool

PT-2024-34890 · Welch Allyn · Welch Allyn Configuration Tool

CVE-2024-5176

Weakness Enumeration

Related Identifiers

Affected Products

References · 2