CVE-2021-33846 MEDIUM

CVE-2021-33846: Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm

Vendor: Fresenius Kabi
Product: Vigilant Software Suite (Mastermed Dashboard)
Weakness: CWE-327 · Broken crypto
Published: January 21, 2022
Last update: April 16, 2025

CVSS base score

5.9/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users, and these tokens are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.

Key dates

02 Disclosure timeline

January 21, 2022: CVE published
April 16, 2025: Record updated