PatchSiren cyber security CVE debrief
CVE-2024-6795 Baxter CVE debrief
A critical SQL injection vulnerability in the Baxter Connex Health Portal, published by CISA on September 5, 2024, allows remote unauthenticated attackers to execute arbitrary SQL queries with full database control including data access, modification, deletion, and administrative operations such as database shutdown. The vulnerability stems from improper input sanitization on certain parameters. Baxter patched this vulnerability promptly after discovery with no additional user action required, and no exploitation or data compromise has been reported.
- Vendor
- Baxter
- Product
- Connex Health Portal
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-09-05
- Original CVE updated
- 2024-09-05
- Advisory published
- 2024-09-05
- Advisory updated
- 2024-09-05
Who should care
Healthcare organizations using Baxter Connex Health Portal, clinical IT security teams, medical device security officers, HIPAA compliance officers, and database administrators supporting healthcare information systems.
Technical summary
The Baxter Connex Health Portal contained an SQL injection vulnerability due to improper sanitization of parameter values. A remote attacker without authentication could exploit this to execute arbitrary SQL commands, enabling complete database compromise including sensitive data access, modification, deletion, and administrative control including database shutdown. The vulnerability was remediated by August 30, 2024.
Defensive priority
CRITICAL
Recommended defensive actions
- Verify Baxter Connex Health Portal instances are running versions dated August 30, 2024 or later
- Review database access logs for anomalous query patterns from unauthenticated sources prior to patch date
- Implement network segmentation to restrict portal access to authorized clinical networks only
- Apply principle of least privilege to database accounts used by the portal application
- Enable comprehensive SQL query logging and monitoring for early detection of injection attempts
- Conduct code review of other input parameters for similar sanitization deficiencies
Evidence notes
CISA ICS Medical Advisory ICSMA-24-249-01 confirms this vulnerability was patched by August 30, 2024, with no known exploitation. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H reflects network attackability without authentication, low complexity, and high impacts across confidentiality, integrity, and availability with scope change.
Official resources
-
CVE-2024-6795 CVE record
CVE.org
-
CVE-2024-6795 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-09-05