Vulnerability Description
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fresenius-Kabi | Agilia Partner Maintenance Software | <= 3.3.0 |
| Fresenius-Kabi | Vigilant Centerium | 1.0 |
| Fresenius-Kabi | Vigilant Insight | 1.0 |
| Fresenius-Kabi | Vigilant Mastermed | 1.0 |
| Fresenius-Kabi | Agilia Connect Firmware | <= d25 |
| Fresenius-Kabi | Agilia Connect | - |
| Fresenius-Kabi | Link\+ Agilia Firmware | < 3.0 |
| Fresenius-Kabi | Link\+ Agilia | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-33846?
CVE-2021-33846 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possess...
How severe is CVE-2021-33846?
CVE-2021-33846 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33846?
Check the references section above for vendor advisories and patch information. Affected products include: Fresenius-Kabi Agilia Partner Maintenance Software, Fresenius-Kabi Vigilant Centerium, Fresenius-Kabi Vigilant Insight, Fresenius-Kabi Vigilant Mastermed, Fresenius-Kabi Agilia Connect Firmware.