CVE Catalog

CVE-2019-25717

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A vulnerability in Dräger Infinity Delta, Delta XL, and Kappa patient monitors allows unauthenticated network attackers to access log files. Attackers can retrieve device internals, location information, and wired network configuration details.

Risk Assessment

The risk involves exposure of sensitive data such as device location and network configuration, which could facilitate further attacks on hospital infrastructure.

Recommendation

Immediately update the monitor firmware to the latest version and restrict network access to these devices to trusted hosts only.

Original NVD description (English source)

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS