CVE Record: CVE-2024-50588

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").

CWE 2 Total

Product Status

Versions 1 Total

Default Status: unaffected

affected

Credits

Tobias Niemann, SEC Consult Vulnerability Lab finder
Daniel Hirschberger, SEC Consult Vulnerability Lab finder
Florian Stuhlmann, SEC Consult Vulnerability Lab finder

References 2 Total

https://r.sec-consult.com/hasomed
external site
third-party-advisory
https://hasomed.de/produkte/elefant/
external site
patch

Authorized Data Publishers