CVE-2024-13026 MEDIUM

CVE-2024-13026: Inadequate Encryption Strength Vulnerability in Roche Algo Edge

Vendor Roche Diagnostics
Product Algorithm Suite
Weakness CWE-326 · Weak encryption
Published January 17, 2025
Last update February 12, 2025

CVSS base score

6.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear

What the vulnerability does

01Description

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.

Key dates

02Disclosure timeline

January 17, 2025 CVE published
February 12, 2025 Record updated