CVE Record: CVE-2024-50593

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software.

CWE 1 Total

CWE-798: CWE-798 Use of Hard-coded Credentials

Product Status

Versions 1 Total

Default Status: unaffected

affected

Credits

Tobias Niemann, SEC Consult Vulnerability Lab finder
Daniel Hirschberger, SEC Consult Vulnerability Lab finder
Florian Stuhlmann, SEC Consult Vulnerability Lab finder

References 2 Total

https://r.sec-consult.com/hasomed
external site
third-party-advisory
https://hasomed.de/produkte/elefant/
external site
patch

Authorized Data Publishers