PT-2024-39873 · Unknown · Ventilator

Published: 2024-11-14 · Updated: 2024-11-15 · CVE-2024-9832

CVSS v3.1: 9.3 (Critical)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ventilator (affected versions not specified)

Description: The issue allows for an unlimited number of failed login attempts with the Clinician Password or the Serial Number Clinician Password. This enables an attacker to perform a brute-force attack, potentially gaining unauthorized access to the ventilator. Once accessed, an attacker could modify device settings, disrupting the device's function and/or leading to unauthorized information disclosure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

CVE-2024-9832

Affected Products

Ventilator