CVE-2024-5176 CRITICAL

CVE-2024-5176: Vulnerability in Welch Allyn Configuration Tool Software

Vendor Baxter
Product Welch Allyn Configuration Tool
Weakness CWE-522 · Insufficiently protected credentials
Published May 31, 2024
Last update September 3, 2024

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

What the vulnerability does

01Description

Insufficiently Protected Credentials vulnerability in Baxter Welch Allyn Configuration Tool may allow Remote Services with Stolen Credentials.This issue affects Welch Allyn Configuration Tool: versions 1.9.4.1 and prior.

Key dates

02Disclosure timeline

May 31, 2024 CVE published
September 3, 2024 Record updated