CVE-2024-10476

{"id": "CVE-2024-10476", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cybersecurity@bd.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-12-17T16:15:23.390", "references": [{"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-cybersecurity-vulnerability-bulletin-diagnostic-solutions-products", "source": "cybersecurity@bd.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@bd.com", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys\u2122 Informatics\nSolution is only in scope of\nthis vulnerability when\ninstalled on a NUC server. BD Synapsys\u2122\nInformatics Solution installed\non a customer-provided virtual machine or on the BD Kiestra\u2122 SCU hardware is\nnot in scope."}, {"lang": "es", "value": "Las credenciales predeterminadas se utilizan en BD Diagnostic Solutions products enumerados anteriormente. Si se explota esta vulnerabilidad, los actores de amenazas pueden acceder, modificar o eliminar datos, incluida informaci\u00f3n confidencial como informaci\u00f3n m\u00e9dica protegida (PHI) e informaci\u00f3n de identificaci\u00f3n personal (PII). La explotaci\u00f3n de esta vulnerabilidad puede permitir que un atacante apague o afecte de otro modo la disponibilidad del sistema. Nota: BD Synapsys\u2122 Informatics Solution solo est\u00e1 dentro del alcance de esta vulnerabilidad cuando se instala en un servidor NUC. BD Synapsys\u2122 Informatics Solution instalada en una m\u00e1quina virtual proporcionada por el cliente o en el hardware BD Kiestra\u2122 SCU no est\u00e1 dentro del alcance."}], "lastModified": "2024-12-17T16:15:23.390", "sourceIdentifier": "cybersecurity@bd.com"}