nvd-json-data-feeds/CVE-2021/CVE-2021-231xx/CVE-2021-23195.json

{
  "id": "CVE-2021-23195",
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "published": "2022-01-21T19:15:07.950",
  "lastModified": "2024-11-21T05:51:21.363",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server."
    },
    {
      "lang": "es",
      "value": "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) versi\u00f3n 2.0.1.3, presenta habilitada la opci\u00f3n de indexaci\u00f3n autom\u00e1tica (listado de directorios). Cuando es accedido a un directorio, el servidor web entrega todo su contenido en forma de HTML. Si no presenta un archivo de \u00edndice y el listado de directorios est\u00e1 habilitado, ser\u00e1 mostrado todo el contenido del directorio, lo que permitir\u00e1 a un atacante identificar y acceder a los archivos del servidor"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "baseScore": 5.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-548"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fresenius-kabi:agilia_connect_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "d25",
              "matchCriteriaId": "8B4979F9-A7D5-4B5C-8FF2-C3C67773EE03"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:fresenius-kabi:agilia_connect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BBB63E-7E43-4BC1-A08F-4F1F811F839B"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fresenius-kabi:agilia_partner_maintenance_software:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "3.3.0",
              "matchCriteriaId": "3B072164-6AA2-4A14-B7D7-10B4B953004D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fresenius-kabi:vigilant_centerium:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47210A7-4753-4ED7-8E6B-9BE8EBFABC9F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fresenius-kabi:vigilant_insight:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C91B931-F726-4AB2-B3A6-D92F774CF04D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fresenius-kabi:vigilant_mastermed:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AC7167-F5C8-46A2-B937-953E13D76A32"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "3.0",
              "matchCriteriaId": "45FA28DE-939F-4146-A6E2-CE8849C9CB16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "7D5FC3D0-9593-487B-B70A-F8BBCA8A18FF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fresenius-kabi:link\\+_agilia_firmware:3.0:d15:*:*:*:*:*:*",
              "matchCriteriaId": "67E88F2E-C12B-4B50-B087-3247F4748AF3"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:fresenius-kabi:link\\+_agilia:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1548AA3F-659F-43C3-9261-C7FD55465877"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01",
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    },
    {
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}