CVE-2024-50588 (GCVE-0-2024-50588)
Vulnerability from cvelistv5
Published
2024-11-08 08:37
Modified
2024-11-08 15:24
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Summary
An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the database includes patient data and login credentials among other sensitive data. In addition, this enables an attacker to create and overwrite arbitrary files on the server filesystem with the rights of the Firebird database ("NT AUTHORITY\SYSTEM").
References
Impacted products
Vendor Product Version
HASOMED Elefant Version: <24.03.03   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "elefant",
            "vendor": "hasomed",
            "versions": [
              {
                "lessThan": "24.03.03",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-50588",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T15:22:07.112507Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:24:00.749Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Elefant",
          "vendor": "HASOMED",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c24.03.03",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tobias Niemann, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Daniel Hirschberger, SEC Consult Vulnerability Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Florian Stuhlmann, SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\").\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated attacker with access to the local network of the \nmedical office can use known default credentials to gain remote DBA \naccess to the Elefant Firebird database. The data in the database \nincludes patient data and login credentials among other sensitive data. \nIn addition, this enables an attacker to create and overwrite arbitrary \nfiles on the server filesystem with the rights of the Firebird database \n(\"NT AUTHORITY\\SYSTEM\")."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-70",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1393",
              "description": "CWE-1393 Use of Default Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-419",
              "description": "CWE-419 Unprotected Primary Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-08T08:37:03.702Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/hasomed"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://hasomed.de/produkte/elefant/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://hasomed.de/produkte/elefant/\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from  hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/  or via the Elefant Software Updater."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unprotected Exposed Firebird Database with default credentials",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor.\u003c/p\u003e"
            }
          ],
          "value": "While workarounds such as modifying the Elefant windows firewall \nrules and manually adjusting file permissions in the installation folder\n are feasible workarounds for some of the vulnerabilities, it is \nrecommended to install the patches provided by the vendor."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2024-50588",
    "datePublished": "2024-11-08T08:37:03.702Z",
    "dateReserved": "2024-10-25T07:26:12.628Z",
    "dateUpdated": "2024-11-08T15:24:00.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50588\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2024-11-08T09:15:07.680\",\"lastModified\":\"2024-11-08T19:01:03.880\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated attacker with access to the local network of the \\nmedical office can use known default credentials to gain remote DBA \\naccess to the Elefant Firebird database. The data in the database \\nincludes patient data and login credentials among other sensitive data. \\nIn addition, this enables an attacker to create and overwrite arbitrary \\nfiles on the server filesystem with the rights of the Firebird database \\n(\\\"NT AUTHORITY\\\\SYSTEM\\\").\"},{\"lang\":\"es\",\"value\":\"Un atacante no autenticado con acceso a la red local del consultorio m\u00e9dico puede utilizar credenciales predeterminadas conocidas para obtener acceso remoto de administrador de base de datos a la base de datos Firebird de Elefant. Los datos de la base de datos incluyen datos de pacientes y credenciales de inicio de sesi\u00f3n, entre otros datos confidenciales. Adem\u00e1s, esto permite a un atacante crear y sobrescribir archivos arbitrarios en el sistema de archivos del servidor con los derechos de la base de datos Firebird (\\\"NT AUTHORITY\\\\SYSTEM\\\").\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-419\"},{\"lang\":\"en\",\"value\":\"CWE-1393\"}]}],\"references\":[{\"url\":\"https://hasomed.de/produkte/elefant/\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://r.sec-consult.com/hasomed\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50588\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T15:22:07.112507Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:hasomed:elefant:*:*:*:*:*:*:*:*\"], \"vendor\": \"hasomed\", \"product\": \"elefant\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"24.03.03\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T15:23:54.716Z\"}}], \"cna\": {\"title\": \"Unprotected Exposed Firebird Database with default credentials\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Tobias Niemann, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Daniel Hirschberger, SEC Consult Vulnerability Lab\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Florian Stuhlmann, SEC Consult Vulnerability Lab\"}], \"impacts\": [{\"capecId\": \"CAPEC-70\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-70 Try Common or Default Usernames and Passwords\"}]}], \"affected\": [{\"vendor\": \"HASOMED\", \"product\": \"Elefant\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c24.03.03\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from  hasomed.de/produkte/elefant/ https://hasomed.de/produkte/elefant/  or via the Elefant Software Updater.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe vendor fixed the issue in version 24.03.03 (or higher) which can be downloaded from \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://hasomed.de/produkte/elefant/\\\"\u003ehasomed.de/produkte/elefant/\u003c/a\u003e or via the Elefant Software Updater.\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/hasomed\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://hasomed.de/produkte/elefant/\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"While workarounds such as modifying the Elefant windows firewall \\nrules and manually adjusting file permissions in the installation folder\\n are feasible workarounds for some of the vulnerabilities, it is \\nrecommended to install the patches provided by the vendor.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eWhile workarounds such as modifying the Elefant windows firewall \\nrules and manually adjusting file permissions in the installation folder\\n are feasible workarounds for some of the vulnerabilities, it is \\nrecommended to install the patches provided by the vendor.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unauthenticated attacker with access to the local network of the \\nmedical office can use known default credentials to gain remote DBA \\naccess to the Elefant Firebird database. The data in the database \\nincludes patient data and login credentials among other sensitive data. \\nIn addition, this enables an attacker to create and overwrite arbitrary \\nfiles on the server filesystem with the rights of the Firebird database \\n(\\\"NT AUTHORITY\\\\SYSTEM\\\").\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn unauthenticated attacker with access to the local network of the \\nmedical office can use known default credentials to gain remote DBA \\naccess to the Elefant Firebird database. The data in the database \\nincludes patient data and login credentials among other sensitive data. \\nIn addition, this enables an attacker to create and overwrite arbitrary \\nfiles on the server filesystem with the rights of the Firebird database \\n(\\\"NT AUTHORITY\\\\SYSTEM\\\").\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1393\", \"description\": \"CWE-1393 Use of Default Password\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-419\", \"description\": \"CWE-419 Unprotected Primary Channel\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2024-11-08T08:37:03.702Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-50588\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-08T15:24:00.749Z\", \"dateReserved\": \"2024-10-25T07:26:12.628Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2024-11-08T08:37:03.702Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.