CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-50592 – Local Privilege Escalation via Race Condition
https://notcve.org/view.php?id=CVE-2024-50592
08 Nov 2024 — An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a list of files and their hashes. In addition, instructions to execute binaries to finalize the repair process are included. The executables are executed as "NT AUTHORITY\SYSTEM" after they are copied over to the user wr... • https://packetstorm.news/files/id/182564 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50593 – Hardcoded Service Password
https://notcve.org/view.php?id=CVE-2024-50593
08 Nov 2024 — An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software. Un atacante con acceso local a el ordenador del consultorio médico puede acceder a funciones restringidas de la herramienta de servicio Elefant mediante el uso de una contraseña de "línea directa" codificada en el binario del servicio Elefant, que se envía con el software. HASOMED E... • https://packetstorm.news/files/id/182564 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-50591 – Local Privilege Escalation via Command Injection
https://notcve.org/view.php?id=CVE-2024-50591
08 Nov 2024 — An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service which is running as "SYSTEM" via Windows Named Pipes.The Elefant Software Updater (ESU) consists of two components. An ESU service which runs as "NT AUTHORITY\SYSTEM" and an ESU tray client which communicates with the ... • https://packetstorm.news/files/id/182564 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50590 – Local Privilege Escalation via Weak Service Binary Permissions
https://notcve.org/view.php?id=CVE-2024-50590
08 Nov 2024 — Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. In addition, the Elefant installer registers two Firebird database services which are running as “NT AUTHORITY\SYSTEM”. Path: C:\Elefant1\Firebird_2\bin\fbserver.exe Path: C:\Elefant1\Firebird_2\bin\fbguard.exe Both... • https://packetstorm.news/files/id/182564 • CWE-250: Execution with Unnecessary Privileges CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50589 – Unprotected FHIR API
https://notcve.org/view.php?id=CVE-2024-50589
08 Nov 2024 — An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR). Un atacante no autenticado con acceso a la red local del consultorio médico puede consultar una API de recursos de interoperabilidad rápida de atención médica (FHIR) desprotegida para obtener acceso a registros médicos electrónicos (EHR) confidenciales. HASOMED Elefant versions prior to 24... • https://packetstorm.news/files/id/182564 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-50588 – Unprotected Exposed Firebird Database with default credentials
https://notcve.org/view.php?id=CVE-2024-50588
08 Nov 2024 — An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM"). Un atacante no autenticado con acceso a la red local del consultorio ... • https://packetstorm.news/files/id/182564 • CWE-419: Unprotected Primary Channel CWE-1393: Use of Default Password •