Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
References
Link | Resource |
---|---|
https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf | Vendor Advisory |
https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-10T00:00:00
Updated: 2023-11-10T06:16:42.566966
Reserved: 2023-11-10T00:00:00
Link: CVE-2023-47800
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-10T07:15:07.910
Modified: 2023-11-23T01:18:44.300
Link: CVE-2023-47800
JSON object: View
Redhat Information
No data.
CWE