Cyber Resilience

CVE-2021-23233

Severity: High
Published: 21 January 2022
Modified: 21 November 2024
KEV Added: not listed
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0032 (55.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-23233 is a high-severity Improper Access Control (CWE-284) vulnerability in Fresenius Kabi Link+ Agilia firmware (version 3.0 and prior). Its CVSS v3.1 base score is 7.3 (High): network-reachable, low attack complexity, no privileges and no user interaction required, with low impact on confidentiality, integrity and availability.

Operationally, it ranks in the top 44.7% of CVEs by EPSS exploit likelihood (55.3rd percentile); it is not currently listed in the CISA KEV catalog.


Vulnerability details

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration parameters.

Because the vector is AV:N/PR:N, any client that can reach the device's web interface on the network can trigger this without credentials; until the firmware is updated, restricting network access to the management interface is the main compensating control, and verifying the fix means confirming that each sensitive endpoint rejects requests carrying no session cookie or an invalid one.
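The weakness class behind this CVE, shown as an added example that is not Fresenius Kabi's code and uses no real Agilia Link+ paths: a request dispatcher that serves sensitive endpoints without consulting the session cookie (the CWE-284 pattern), beside a hardened dispatcher that enforces the session check centrally, plus a probe that reports which sensitive endpoints still answer to a request with no cookie or a forged one. The endpoint names, the cookie name `session`, and the in-memory session store are all assumptions made for this example.

```python
"""Added illustration of the CWE-284 pattern behind CVE-2021-23233.
Not vendor code: endpoint paths, cookie name and session store are assumed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set
import secrets

# Hypothetical endpoint inventory, invented for this example (not real device paths).
SENSITIVE_ENDPOINTS: Set[str] = {"/config/set", "/pump/command", "/users/add"}
PUBLIC_ENDPOINTS: Set[str] = {"/login", "/status"}
SESSION_COOKIE = "session"  # assumed cookie name


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)  # lower-case header names


@dataclass
class Response:
    status: int
    body: str


def parse_cookies(header: Optional[str]) -> Dict[str, str]:
    """Parse a Cookie header ('a=1; b=2') into a dict, ignoring malformed parts."""
    cookies: Dict[str, str] = {}
    if not header:
        return cookies
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


class SessionStore:
    """In-memory session table mapping a random token to a user name."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def lookup(self, token: str) -> Optional[str]:
        return self._sessions.get(token)


def vulnerable_dispatch(req: Request, store: SessionStore) -> Response:
    """Before: each handler is trusted to check the session itself, and the
    sensitive handlers never do, so any client on the network can reach them."""
    if req.path in SENSITIVE_ENDPOINTS:
        return Response(200, f"executed {req.path}")
    if req.path in PUBLIC_ENDPOINTS:
        return Response(200, "ok")
    return Response(404, "not found")


def hardened_dispatch(req: Request, store: SessionStore) -> Response:
    """After: the session check runs in the dispatcher before any sensitive
    handler, so no handler can forget it. Deny unless the cookie maps to a
    live session; a missing, malformed or forged cookie all land on 401."""
    if req.path in SENSITIVE_ENDPOINTS:
        token = parse_cookies(req.headers.get("cookie")).get(SESSION_COOKIE, "")
        user = store.lookup(token)
        if user is None:
            return Response(401, "authentication required")
        return Response(200, f"executed {req.path} as {user}")
    if req.path in PUBLIC_ENDPOINTS:
        return Response(200, "ok")
    return Response(404, "not found")


Dispatch = Callable[[Request, SessionStore], Response]


def exposed_endpoints(dispatch: Dispatch, store: SessionStore) -> Set[str]:
    """Probe every sensitive endpoint with no cookie and with a forged cookie
    and return those answering 2xx to either, i.e. reachable without a valid
    session. The expected post-fix result is the empty set."""
    exposed: Set[str] = set()
    for path in sorted(SENSITIVE_ENDPOINTS):
        for headers in ({}, {"cookie": f"{SESSION_COOKIE}=forged-token"}):
            if 200 <= dispatch(Request(path, headers), store).status < 300:
                exposed.add(path)
    return exposed


def demo() -> Dict[str, Set[str]]:
    """Run the probe against both dispatchers and confirm a real session still works."""
    store = SessionStore()
    token = store.create("technician")
    valid = Request("/config/set", {"cookie": f"{SESSION_COOKIE}={token}"})
    assert hardened_dispatch(valid, store).status == 200
    return {
        "vulnerable": exposed_endpoints(vulnerable_dispatch, store),
        "hardened": exposed_endpoints(hardened_dispatch, store),
    }


if __name__ == "__main__":
    print(demo())
```

The probe is the shape of check a practitioner would run against a patched device (substituting the real management endpoints and cookie name): every sensitive path must return a non-2xx status both with no cookie and with a made-up one, while a freshly issued session still succeeds. Moving the check into the dispatcher rather than each handler is the design fix for this weakness class; an endpoint added later is then protected by default instead of depending on its author remembering the check.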

CWE(s)

CWE-284 Improper Access Control
CWE-798 Use of Hard-coded Credentials

Related Threats

No named threat actor has been attributed to this CVE yet; ATT&CK technique mapping for it is in progress.

Affected Assets

Vendor           Product                               Versions
fresenius-kabi   agilia partner maintenance software   ≤ 3.3.0
fresenius-kabi   vigilant centerium                    1.0
fresenius-kabi   vigilant insight                      1.0
fresenius-kabi   vigilant mastermed                    1.0
fresenius-kabi   agilia connect firmware               ≤ d25
fresenius-kabi   link+ agilia firmware                 ≤ 3.0

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. Each control addresses CWE-284 and CWE-798.

Security training teaches access control policies and enforcement, reducing improper access control implementations.

Authorization servers centrally manage access rights, preventing improper access control.

Central management enforces consistent access-control policies across systems, reducing the likelihood of missing or inconsistent enforcement.

Resources allocated to security programs enable proper design, implementation, and maintenance of access control mechanisms.

Screening criteria tied to position sensitivity limit the set of individuals who can be granted access, shrinking the attack surface for improper access control weaknesses.

Threat hunting directly searches for indicators of unauthorized access or control violations that bypassed preventive mechanisms.

Defining security roles and responsibilities and integrating risk management into the SDLC directly reduces improper access control by ensuring access decisions are designed and reviewed throughout development.

Guidance on effective use of access control mechanisms and known configuration vulnerabilities makes improper access control harder to exploit.
