Project 1 - Vulnerability Memo PDF

Title Project 1 - Vulnerability Memo
Author Aaron Henry
Course Introduction to the U.S. Health Care Sector
Institution University of Maryland Global Campus
Pages 3
File Size 172.4 KB
File Type PDF
Total Downloads 66
Total Views 152
Preview
CLICK TO PREVIEW PDF
Summary

memo...

Description

Memo To:

Andrew Humes

From Aaron Henry : Date: October 10, 2020 Re: Vulnerability Report

The intent of this memorandum is to address, inform, and provide recommendations on proper mitigation steps required to correcting exploits that have been readily identified within Iot/ IoTM devices. It is the goal of this correspondence to provide detailed and informative resolutions to these devices with known exploits and to be able to make an educated security driven decision to that will strengthen security measures within this facility as to reduce exploits, vulnerabilities and weaknesses. Device 1: [NETGEAR WC7500/WC7600/WC7600v2/WC9500]

Product Description As Wireless networking continues to provide a desire to be connected anytime, anywhere a through a plethora of devices. NETGEAR Wireless Controller offer users just the means. The device enables wireless users the ability to seamlessly roam while continuously connected to an associated IT network. This device also has the capability to protect against intruders via advanced wireless rogue AP detection algorithms. The NETGEAR can also segment guest and corporate access with multiple SSIDs, Guest Captive Portal, and standard based VLAN configurations.

Vulnerability Memo

Page 3 of 3

CVE-2020-26931 - NETGEAR Wireless Controllers are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. Upgrading to version 6.5.5.24 eliminates this vulnerability. Recommendation - Currently NETGEAR has released a firmware update for the above mentioned wireless device(s). This current update will alleviate the known vulnerability within the listed device(s). Decision - Until all wireless controllers have been properly updated with the latest firmware, it is in the best decision to remove all wireless devices. Once firmware (version 6.5.5.24) has been downloaded and verified as up to date, the facility is free to re-install the wireless controllers for use within the facility.

Device 2: [Baxter PrismaFlex]

Product Description The Baxter PrismaFlex a system designed to treat and meet the needs of critically ill patients with acute kidney injury (AKI). The PRISMAFLEX System has the ability to pump blood from the patient through a filter and back to the patient. As the blood passes through the filter, the desired treatment processes take place. The Baxter PrismaFlex has the ability to maintain metabolic control, increase fluid removal Acid/base control, and provide Electrolyte balance. CVE-2020-12036 – It has been discovered that the Baxter PrismaFlex (all versions) has a vulnerability that does do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to the PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker would have the ability to observe sensitive data sent from the device. Recommendation - This report recommends the facility completes the following actions to reduce risk and compensate controls. Ensure physical controls within user’s facility to protect against unauthorized access are implemented. This may minimize those who do not possess the appropriate level of access, need-to-know, or clearance. Ensure all passwords are kept safe and secure either in an approved safe or off site location. The device should be used only in accordance with its intended use and not for email, Internet access, file sharing, or other nonapproved use. No software of any kind should be installed on the device unless approved, in writing, by Baxter. Decision - It is in the best decision of this facility that all Baxter PrismaFlex devices be removed and banned from use until a product can be procured that produces less exploits and vulnerabilities. Utilizing this device could result in the compromise of patient information through various. Have this type of leak of PHI violates various HIPPA agreements and may cause local and federal ramifications with some punitive in nature.

Vulnerability Memo

Page 3 of 3

Works Cited Security Advisory for Sensitive Information Disclosure on Some Wireless Controllers, PSV-20200268. (2020, October 3). https://kb.netgear.com/000062321/Security-Advisory-forSensitive-Information-Disclosure-on-Some-Wireless-Controllers-PSV-2020-0268. Wireless Management. NETGEAR. https://www.netgear.com/business/products/wireless/wirelessmanagement/. CVE-2020-26931. CVE. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26931. Prismaflex System for Critical Care. Baxter. https://www.baxter.com/healthcareprofessionals/critical-care/prismaflex-system-critical-care. Whooley, S. (2020, June 19). Baxter systems flagged for cybersecurity vulnerabilities. MassDevice. https://www.massdevice.com/baxter-systems-flagged-for-cybersecurityvulnerabilities/. CVE-2020-12036. CVE. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12036....

Similar Free PDFs
Project 1 - Vulnerability Memo
  • 3 Pages
Memo 1 - Memo 1 Assignment
  • 2 Pages
Project Memo - Prof. Darren Francis
  • 4 Pages
IT 253 Project One Memo
  • 2 Pages
Memo - Memo
  • 2 Pages
Using vulnerability theory
  • 4 Pages
Memo 1 MGMT1101
  • 4 Pages
Task 1 Memo Report
  • 2 Pages
IOR 1 page Memo - IOR page 1 memo assignment
  • 1 Pages
Memo - Business Memo Assignment
  • 2 Pages
INFA640 Software Vulnerability Exploitation
  • 7 Pages
Co-Sponser Memo 1
  • 1 Pages
Memo-1 Technical Writing
  • 3 Pages
Test 1 Memo
  • 4 Pages
1984-Vulnerability-Assignment
  • 4 Pages
Memo - Memo for stocks
  • 2 Pages
Popular Institutions