CVE-2021-33846

MEDIUM

Fresenius Kabi Vigilant Software Suite - JWT Token Spoofing via Symmetric Key Exposure

Title source: llm

Description

Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://www.cisa.gov/uscert/ics/advisories/icsma-21-355-01

Scores

CVSS v3 5.9

EPSS 0.0031

EPSS Percentile 22.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-327

Status published

Products (7)

fresenius-kabi/agilia_connect_firmware < d25

fresenius-kabi/agilia_partner_maintenance_software < 3.3.0

fresenius-kabi/link\+_agilia_firmware 3.0 (2 CPE variants)

fresenius-kabi/link\+_agilia_firmware < 3.0

fresenius-kabi/vigilant_centerium 1.0

fresenius-kabi/vigilant_insight 1.0

fresenius-kabi/vigilant_mastermed 1.0

Published Jan 21, 2022

Tracked Since Feb 18, 2026