Vulnerability Details : CVE-2023-30559
The firmware update package for the wireless card is not properly signed and can be modified.
Vulnerability category: Input validationBypassGain privilege
Products affected by CVE-2023-30559
- cpe:2.3:o:bd:alaris_8015_pcu_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30559
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30559
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
Becton, Dickinson and Company (BD) | |
5.2
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
0.9
|
4.2
|
Becton, Dickinson and Company (BD) | 2024-02-08 |
5.7
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
0.9
|
4.7
|
NIST |
CWE ids for CVE-2023-30559
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: cybersecurity@bd.com (Secondary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by:
- cybersecurity@bd.com (Secondary)
- nvd@nist.gov (Primary)
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.Assigned by: cybersecurity@bd.com (Secondary)
References for CVE-2023-30559
-
https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-alaris-system-with-guardrails-suite-mx
BD Alaris™ System with Guardrails™ Suite MXVendor Advisory
Jump to