CVE-2020-15482

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor	Third Party Advisory
https://www.niscomed.com/multipara-monitor.html	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:niscomed:m1000_multipara_patient_monitor_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:niscomed:m1000_multipara_patient_monitor:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-08-26 16:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-15482

Mitre link : CVE-2020-15482

CVE.ORG link : CVE-2020-15482

JSON object : View

Products Affected

niscomed

m1000_multipara_patient_monitor_firmware
m1000_multipara_patient_monitor

CWE

CWE-287

Improper Authentication

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2020-15482", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-08-26T16:15:12.510", "references": [{"url": "https://payatu.com/advisory/unauthenticated-telnet-service-in-niscomed-patient-monitor", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.niscomed.com/multipara-monitor.html", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos Nescomed Multipara Monitor M1000. El dispositivo habilita un servicio TELNET sin cifrar por defecto, con una contrase\u00f1a en blanco para la cuenta de administrador. Esto permite a un atacante obtener acceso root al dispositivo a trav\u00e9s de la red local"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:niscomed:m1000_multipara_patient_monitor_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3695BBDF-27F7-465D-8E43-F75EAAF3CF74"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:niscomed:m1000_multipara_patient_monitor:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "960CD525-337E-4B2B-92EF-BA4F4FDBF304"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}