CVE-2024-48970

Summary

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.

Affected Software

VendorProductVersion RangeStatus
BaxterLife2000 Ventilation System06.08.00.00 and prioraffected

Weaknesses

  • CWE-1191: CWE-1191 On-Chip Debug and Test Interface with Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References