Vulnerability Description
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Natus | Neuroworks Eeg | < 8.4 |
| Natus | Sleepworks | < 8.4 |
Related Weaknesses (CWE)
References
- https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-ProdVendor Advisory
- https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txtExploitThird Party Advisory
- https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-ProdVendor Advisory
- https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txtExploitThird Party Advisory
FAQ
What is CVE-2023-47800?
CVE-2023-47800 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfi...
How severe is CVE-2023-47800?
CVE-2023-47800 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-47800?
Check the references section above for vendor advisories and patch information. Affected products include: Natus Neuroworks Eeg, Natus Sleepworks.