CVE-2020-25165 - OpenCVE

BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bd	Alaris 8015 Pcu Alaris 8015 Pcu Firmware Alaris Systems Manager

Configuration 1 [-]

AND

cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:bd:alaris_systems_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-11-13T15:06:08

Updated: 2024-08-04T15:26:09.484Z

Reserved: 2020-09-04T00:00:00

Link: CVE-2020-25165

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-13T16:15:18.027

Modified: 2020-12-03T14:18:38.980

Link: CVE-2020-25165

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BD Alaris PC Unit and BD Alaris Systems Manager", "vendor": "n/a", "versions": [{"status": "affected", "version": "BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier"}]}], "descriptions": [{"lang": "en", "value": "BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "IMPROPER AUTHENTICATION CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-13T15:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25165", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BD Alaris PC Unit and BD Alaris Systems Manager", "version": {"version_data": [{"version_value": "BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER AUTHENTICATION CWE-287"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:09.484Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25165", "datePublished": "2020-11-13T15:06:08", "dateReserved": "2020-09-04T00:00:00", "dateUpdated": "2024-08-04T15:26:09.484Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B3B2243-0B6E-46C4-8F55-C18179DE4A24", "versionEndIncluding": "9.33.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bd:alaris_8015_pcu:-:*:*:*:*:*:*:*", "matchCriteriaId": "5909B9D0-07A7-4AA1-8FF4-CE6DEBCE14DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bd:alaris_systems_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E184AA1-0325-46A1-83F4-4299C71F9940", "versionEndIncluding": "4.33", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit."}, {"lang": "es", "value": "BD Alaris PC Unit, Model 8015, versiones 9.33.1 y anteriores y BD Alaris Systems Manager, versiones 4.33 y anteriores Los productos afectados son susceptibles a una vulnerabilidad de autenticaci\u00f3n de sesi\u00f3n de red dentro del proceso de autenticaci\u00f3n entre versiones especificadas del BD Alaris PC Unit y del BD Alaris Systems Manager. Si es explotado, un atacante podr\u00eda llevar a cabo un ataque de denegaci\u00f3n de servicio en el BD Alaris PC Unit para modificar unos encabezados de configuraci\u00f3n de los datos en tr\u00e1nsito. Un ataque de denegaci\u00f3n de servicio podr\u00eda conllevar a una perdida en la capacidad inal\u00e1mbrica del BD Alaris PC Unit, resultando en el funcionamiento manual del PC Unit"}], "id": "CVE-2020-25165", "lastModified": "2020-12-03T14:18:38.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-13T16:15:18.027", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}