CVE-2021-43355

moderate-risk
Published 2022-01-21

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data, because a user's browser might not support JavaScript, or the user might block it or intentionally bypass the client-side checks. An attacker with knowledge of the service user could circumvent the client-side control and log in with service privileges.

Do I need to act?

0.22% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.3/10 High (NETWORK / LOW complexity)

Affected Products (8)

Agilia Partner Maintenance Software
Vigilant Centerium
Vigilant Insight
Vigilant Mastermed
Agilia Connect Firmware
Link+ Agilia Firmware
Link+ Agilia Firmware
Link+ Agilia Firmware

Affected Vendors

41 / 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 14/34 · Moderate