CVE Catalog

CVE-2019-25718

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

The Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.

Risk Assessment

The risk to the organization is the potential takeover of the medical device, which could lead to displaying incorrect or no patient data, endangering patient safety and monitoring integrity.

Recommendation

It is recommended to immediately apply security patches provided by the manufacturer and restrict physical access to the device to authorized personnel only.

Original NVD description (English source)

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS