CVE-2022-26392 LOW

CVE-2022-26392: Format String vulnerability

Vendor Baxter
Product Baxter Spectrum Wireless Battery Module (WBM)
Weakness CWE-134
Published September 9, 2022
Last update September 17, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v17D19, v20D29 to v20D32) when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information.

Key dates

02Disclosure timeline

September 9, 2022 CVE published
September 17, 2024 Record updated