CVE-2020-25165
HIGHBD Alaris PC Unit and Alaris Systems Manager - Denial of Service via Network Session Authentication Bypass
Title source: llmDescription
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsma-20-317-01
Scores
CVSS v3
7.5
EPSS
0.0169
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-287
Status
published
Products (2)
bd/alaris_8015_pcu_firmware
< 9.33.1
bd/alaris_systems_manager
< 4.33
Published
Nov 13, 2020
Tracked Since
Feb 18, 2026