Vulnerability Description
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fresenius-Kabi | Agilia Connect | <= d25 |
| Fresenius-Kabi | Agilia Partner Maintenance Software | <= 3.3.0 |
| Fresenius-Kabi | Vigilant Centerium | 1.0 |
| Fresenius-Kabi | Vigilant Insight | 1.0 |
| Fresenius-Kabi | Vigilant Mastermed | 1.0 |
| Fresenius-Kabi | Link\+ Agilia Firmware | < 3.0 |
| Fresenius-Kabi | Link\+ Agilia | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-23207?
CVE-2021-23207 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate...
How severe is CVE-2021-23207?
CVE-2021-23207 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23207?
Check the references section above for vendor advisories and patch information. Affected products include: Fresenius-Kabi Agilia Connect, Fresenius-Kabi Agilia Partner Maintenance Software, Fresenius-Kabi Vigilant Centerium, Fresenius-Kabi Vigilant Insight, Fresenius-Kabi Vigilant Mastermed.