Vulnerability Details : CVE-2017-12701
BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2017-12701
- cpe:2.3:o:cpap:luna_cpap_machine_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12701
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12701
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-12701
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-12701
-
http://www.securityfocus.com/bid/100354
BMC Medical and 3B Medical Luna CPAP Machine CVE-2017-12701 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01
BMC Medical and 3B Medical Luna CPAP Machine | CISAThird Party Advisory;US Government Resource
Jump to