CVE-2024-6796 Baxter CVE debrief

Who should care

Healthcare organizations using Baxter Connex Health Portal for patient and clinic management; medical device security teams; HIPAA compliance officers; healthcare CISOs responsible for medical device cybersecurity

Technical summary

The Baxter Connex Health Portal contains a vulnerability that could allow an unauthorized attacker to access sensitive patient and clinician information, as well as modify or delete clinic details. The vulnerability is rated CVSS 3.1 8.2 (HIGH) with network attack vector, low complexity, and no required privileges or user interaction. The confidentiality impact is rated LOW while integrity impact is HIGH, with no availability impact. Baxter patched this vulnerability on August 30, 2024, and reports no known exploitation or data compromise.

Defensive priority

HIGH

Recommended defensive actions

• Verify that Baxter Connex Health Portal instances are running the August 30, 2024 patch or later
• Review access logs for unauthorized access to patient or clinician information
• Review audit logs for unauthorized modifications or deletions of clinic details
• Apply network segmentation for medical device management systems per ICS-CERT recommended practices
• Monitor for anomalous network traffic to Connex Health Portal endpoints

Evidence notes

CISA published advisory ICSMA-24-249-01 on September 5, 2024, documenting this vulnerability in the Baxter Connex Health Portal. The affected product is Baxter Connex Health Portal versions prior to August 30, 2024. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, with low confidentiality impact and high integrity impact.

Official resources