CVE-2024-9832
CRITICALDescription
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
Is your site exposed to CVE-2024-9832?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2024-9832? +
How severe is CVE-2024-9832? +
How do I check if I'm vulnerable to CVE-2024-9832? +
Related Vulnerabilities
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to …
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web …
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to …
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary …
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …