CVE-2024-12248 CRITICAL

CVE-2024-12248: Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor

Vendor: Contec Health
Product: CMS8000 Patient Monitor
Weakness: CWE-787
Published: January 30, 2025
Last update: February 12, 2025

CVSS base score

9.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.

Key dates

02 Disclosure timeline

January 30, 2025: CVE published
February 12, 2025: Record updated