CVE-2015-3459

Sažetak

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

Reference

http://hextechsecurity.com/?p=123
http://imgur.com/CEAnZjj
http://imgur.com/JHiWSqd
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm446809.htm
http://www.securityfocus.com/bid/74414
https://ics-cert.us-cert.gov/advisories/ICSA-15-125-01
https://twitter.com/dyngnosis/status/592671049487142913
https://twitter.com/dyngnosis/status/592743461977219072

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-01-2017 - 19:16

Objavljeno

29-04-2015 - 23:59