CVERadar

CVE-2024-50588

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00118/1

CVE-2024-50588 allows unauthenticated attackers on the local network to gain remote database administrator (DBA) access to the Elefant Firebird database using default credentials. This vulnerability exposes sensitive data, including patient information and login credentials. An attacker could create and overwrite arbitrary files on the server filesystem with system-level privileges. Despite a CVSS score of 0, highlighting the lack of immediate remote exploitability, the SOCRadar Vulnerability Risk Score (SVRS) of 30 indicates a moderate risk considering real-world exploitability. Successful exploitation leads to full system compromise and data breach. This CVE is significant due to the potential impact on patient privacy and system integrity within medical environments. Organizations should immediately change default credentials and restrict network access to the database.

In The Wild
2024-11-08

2024-11-08

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
2024-11-10
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Nov 09. SEC Consult Vulnerability Lab Security Advisory. title: Multiple Vulnerabilities product: HASOMED Elefant and Elefant Software Updater vulnerable version: fixed version: 24.04.00, Elefant Software Updater 1.4.2.1811 CVE number: CVE-2024-50588,...
seclists.org
CVE-2024-50588 | Hasomed Elefant prior 24.03.03 default password
2024-11-09
A vulnerability classified as very critical was found in Hasomed Elefant. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of default password. This vulnerability is known as CVE-2024-50588. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Social Media

CVE-2024-50588 (CVSS:9.8, CRITICAL) is Awaiting Analysis. An unauthenticated attacker with access to the local network of the medical office can use known default credentials to.. https://t.co/f2WhfGHjXO #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Affected Software

No affected software found for this CVE

References

Reference | Link
551230F0-3615-47BD-B7CC-93E92E730BBF | https://hasomed.de/produkte/elefant/
551230F0-3615-47BD-B7CC-93E92E730BBF | https://r.sec-consult.com/hasomed
GITHUB | https://r.sec-consult.com/hasomed

CWE Details

CWE ID | CWE Name | Description
CWE-419 | Unprotected Primary Channel | The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.
