Vulnerability CVE-2021-43935


Published: 2021-12-15

Description:
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any Active Directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all of its associated privileges.

Type:
CWE-288 (Authentication Bypass Using an Alternate Path or Channel)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Baxter -> Welch Allyn Connex Cardio
Baxter -> Welch Allyn Diagnostic Cardiology Suite
Baxter -> Welch Allyn RScribe Resting ECG System
Baxter -> Welch Allyn Vision Express Holter Analysis System

References:
https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01

Copyright 2024, cxsecurity.com
