How severe is CVE-2023-0888?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-0888?

This is classified as CWE-95, which is a common weakness in software security.

CVE-2023-0888 - HIGH Severity | CVSS 7.2

Vulnerability Description

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks

Related Vulnerabilities

CVE-2019-9507

HIGH

CVSS:7.2(High)

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands wi...

CWE-952019

CVE-2024-10633

HIGH

CVSS:7.3(High)

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0...

CWE-952024

CVE-2023-6735

HIGH

CVSS:7.8(High)

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CWE-952023

CVE-2023-7101

HIGH

CVSS:7.8(High)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated ...

CWE-952023

CVE-2023-7224

HIGH

CVSS:7.8(High)

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CWE-952023

CVE-2023-7245

HIGH

CVSS:7.8(High)

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via...

CWE-952023