// For flags

CVE-2019-10959

 

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 15, 1.3.0 Build 14, 1.3.1 Build 13, This does not impact the latest firmware Versions 1.3.2 and 1.6.1, Additionally, the following products using software Version 2.3.6 and below, Alaris GS, Alaris GH, Alaris CC, Alaris TIVA, The application does not restrict the upload of malicious files during a firmware update.

Bd Alaris Gateway Workstation Versiones 1.1.3 Build 10, 1.1.3 MR Build 11, 1.2 Build 1, 1.3.0
Build 14, 1.3.1 Build, esto no impacta en las últimas versiónes de firmware 1.3.2 y 1.6.1, adicionalmente, los siguiente productos usando versiones del programa 2.3.6 y más abajo Alaris GS, Alaris CC, Alaris TIVA, la aplicación no restringe la recarga de archivos maliciosos durante la actualización de firmware

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-08 CVE Reserved
  • 2019-06-13 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-11-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bd
Search vendor "Bd"
Alaris Gateway Workstation Firmware
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware"
1.1.3
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware" and version "1.1.3"
10
Affected
in Bd
Search vendor "Bd"
Alaris Gateway Workstation
Search vendor "Bd" for product "Alaris Gateway Workstation"
--
Safe
Bd
Search vendor "Bd"
Alaris Gateway Workstation Firmware
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware"
1.1.3
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware" and version "1.1.3"
11
Affected
in Bd
Search vendor "Bd"
Alaris Gateway Workstation
Search vendor "Bd" for product "Alaris Gateway Workstation"
--
Safe
Bd
Search vendor "Bd"
Alaris Gateway Workstation Firmware
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware"
1.2
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware" and version "1.2"
15
Affected
in Bd
Search vendor "Bd"
Alaris Gateway Workstation
Search vendor "Bd" for product "Alaris Gateway Workstation"
--
Safe
Bd
Search vendor "Bd"
Alaris Gateway Workstation Firmware
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware"
1.3.0
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware" and version "1.3.0"
14
Affected
in Bd
Search vendor "Bd"
Alaris Gateway Workstation
Search vendor "Bd" for product "Alaris Gateway Workstation"
--
Safe
Bd
Search vendor "Bd"
Alaris Gateway Workstation Firmware
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware"
1.3.1
Search vendor "Bd" for product "Alaris Gateway Workstation Firmware" and version "1.3.1"
13
Affected
in Bd
Search vendor "Bd"
Alaris Gateway Workstation
Search vendor "Bd" for product "Alaris Gateway Workstation"
--
Safe
Bd
Search vendor "Bd"
Alaris Gs Syringe Pump Firmware
Search vendor "Bd" for product "Alaris Gs Syringe Pump Firmware"
<= 2.3.6
Search vendor "Bd" for product "Alaris Gs Syringe Pump Firmware" and version " <= 2.3.6"
-
Affected
in Bd
Search vendor "Bd"
Alaris Gs Syringe Pump
Search vendor "Bd" for product "Alaris Gs Syringe Pump"
--
Safe
Bd
Search vendor "Bd"
Alaris Gh Syringe Pump Firmware
Search vendor "Bd" for product "Alaris Gh Syringe Pump Firmware"
<= 2.3.6
Search vendor "Bd" for product "Alaris Gh Syringe Pump Firmware" and version " <= 2.3.6"
-
Affected
in Bd
Search vendor "Bd"
Alaris Gh Syringe Pump
Search vendor "Bd" for product "Alaris Gh Syringe Pump"
--
Safe
Bd
Search vendor "Bd"
Alaris Cc Syringe Pump Firmware
Search vendor "Bd" for product "Alaris Cc Syringe Pump Firmware"
<= 2.3.6
Search vendor "Bd" for product "Alaris Cc Syringe Pump Firmware" and version " <= 2.3.6"
-
Affected
in Bd
Search vendor "Bd"
Alaris Cc Syringe Pump
Search vendor "Bd" for product "Alaris Cc Syringe Pump"
--
Safe
Bd
Search vendor "Bd"
Alaris Tiva Syringe Pump Firmware
Search vendor "Bd" for product "Alaris Tiva Syringe Pump Firmware"
<= 2.3.6
Search vendor "Bd" for product "Alaris Tiva Syringe Pump Firmware" and version " <= 2.3.6"
-
Affected
in Bd
Search vendor "Bd"
Alaris Tiva Syringe Pump
Search vendor "Bd" for product "Alaris Tiva Syringe Pump"
--
Safe