exploitDog

CVE-2020-15482

Опубликовано: 26 авг. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.

Ссылки

https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor
Third Party Advisory
https://www.niscomed.com/multipara-monitor.html
Product
https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor
Third Party Advisory
https://www.niscomed.com/multipara-monitor.html
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:niscomed:m1000_multipara_patient_monitor_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:niscomed:m1000_multipara_patient_monitor:-:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-j49p-h2xh-3ff4

github

больше 3 лет назад

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.

EPSS

Процентиль: 4%

0.00019

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-287