CVE-2024-1275
Vulnerability in Baxter Welch Allyn Connex Spot Monitor
Severity Score
9.1
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52.
El uso de la vulnerabilidad de clave criptográfica predeterminada en Baxter Welch Ally Connex Spot Monitor puede permitir la manipulación de la configuración/entorno. Este problema afecta a Welch Ally Connex Spot Monitor en todas las versiones anteriores a la 1.52.
*Credits:
Maarten Boone and Edwin Van Andel (CTO of Zerocopter) reported this vulnerability to Baxter.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-06 CVE Reserved
- 2024-05-31 CVE Published
- 2024-06-01 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1394: Use of Default Cryptographic Key
CAPEC
- CAPEC-176: Configuration/Environment Manipulation
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Baxter Search vendor "Baxter" | Welch Allyn Connex Spot Monitor Search vendor "Baxter" for product "Welch Allyn Connex Spot Monitor" | <= 1.52 Search vendor "Baxter" for product "Welch Allyn Connex Spot Monitor" and version " <= 1.52" | en |
Affected
| ||||||