CVE-2024-48973 CRITICAL

CVE-2024-48973: Debug port on Life2000 Ventilator serial interface is enabled by default

Vendor Baxter
Product Life2000 Ventilation System
Weakness CWE-1263
Published November 14, 2024
Last update November 18, 2024

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.

Key dates

02Disclosure timeline

November 14, 2024 CVE published
November 18, 2024 Record updated