{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50588", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2024-10-25T07:26:12.628Z", "datePublished": "2024-11-08T08:37:03.702Z", "dateUpdated": "2024-11-08T15:24:00.749Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elefant", "vendor": "HASOMED", "versions": [{"status": "affected", "version": "<24.03.03", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tobias Niemann, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\").</p><br>"}], "value": "An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\")."}], "impacts": [{"capecId": "CAPEC-70", "descriptions": [{"lang": "en", "value": "CAPEC-70 Try Common or Default Usernames and Passwords"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1393", "description": "CWE-1393 Use of Default Password", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-419", "description": "CWE-419 Unprotected Primary Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-11-08T08:37:03.702Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/hasomed"}, {"tags": ["patch"], "url": "https://hasomed.de/produkte/elefant/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from <a target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\">hasomed.de/produkte/elefant/</a> or via the Elefant Software Updater.<br></p>"}], "value": "The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater."}], "source": {"discovery": "UNKNOWN"}, "title": "Unprotected Exposed Firebird Database with default credentials", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.</p>"}], "value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "hasomed", "product": "elefant", "cpes": ["cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "24.03.03", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T15:22:07.112507Z", "id": "CVE-2024-50588", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T15:24:00.749Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-50588", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-08T15:22:07.112507Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"], "vendor": "hasomed", "product": "elefant", "versions": [{"status": "affected", "version": "0", "lessThan": "24.03.03", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T15:23:54.716Z"}}], "cna": {"title": "Unprotected Exposed Firebird Database with default credentials", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Tobias Niemann, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"}, {"lang": "en", "type": "finder", "value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"}], "impacts": [{"capecId": "CAPEC-70", "descriptions": [{"lang": "en", "value": "CAPEC-70 Try Common or Default Usernames and Passwords"}]}], "affected": [{"vendor": "HASOMED", "product": "Elefant", "versions": [{"status": "affected", "version": "<24.03.03", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/ or via the Elefant Software Updater.", "supportingMedia": [{"type": "text/html", "value": "<p>The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from <a target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\">hasomed.de/produkte/elefant/</a> or via the Elefant Software Updater.<br></p>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/hasomed", "tags": ["third-party-advisory"]}, {"url": "https://hasomed.de/produkte/elefant/", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.", "supportingMedia": [{"type": "text/html", "value": "<p>While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.</p>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\").", "supportingMedia": [{"type": "text/html", "value": "<p>An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\").</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1393", "description": "CWE-1393 Use of Default Password"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-419", "description": "CWE-419 Unprotected Primary Channel"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-11-08T08:37:03.702Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50588", "state": "PUBLISHED", "dateUpdated": "2024-11-08T15:24:00.749Z", "dateReserved": "2024-10-25T07:26:12.628Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-11-08T08:37:03.702Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\")."}, {"lang": "es", "value": "Un atacante no autenticado con acceso a la red local del consultorio m\u00e9dico puede utilizar credenciales predeterminadas conocidas para obtener acceso remoto de administrador de base de datos a la base de datos Firebird de Elefant. Los datos de la base de datos incluyen datos de pacientes y credenciales de inicio de sesi\u00f3n, entre otros datos confidenciales. Adem\u00e1s, esto permite a un atacante crear y sobrescribir archivos arbitrarios en el sistema de archivos del servidor con los derechos de la base de datos Firebird (\"NT AUTHORITY\\SYSTEM\")."}], "id": "CVE-2024-50588", "lastModified": "2024-11-08T19:01:03.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-08T09:15:07.680", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://hasomed.de/produkte/elefant/"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/hasomed"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1393"}, {"lang": "en", "value": "CWE-419"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}

{}