CVE-2019-25718
8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dräger | Infinity Explorer C700 | Infinity Explorer C700 | affected |
Weaknesses
- CWE-451: CWE-451 User Interface (UI) Misrepresentation of Critical Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf
- https://www.vulncheck.com/advisories/dr-ger-infinity-explorer-c700-privilege-escalation-via-kiosk-mode-bypass
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.