Natus NeuroWorks and SleepWorks prior to 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
natus neuroworks eeg |
||
natus neuroworks eeg 8.4 |
||
natus sleepworks |
||
natus sleepworks 8.4 |