
Web Security Vulnerabilities Found in CATIE Assisted Living Framework

John Layden December 6, 2021, 17:00 UTC

Update time: December 6, 2021 18:22 UTC

Nursing home communication tool problem

Vulnerabilities in the latest version of CATIE Web, an online platform designed to meet the needs of the elderly in assisted living environments, pose data exposure risks.

Security researchers from Bishop Fox discovered four local file disclosure vulnerabilities in the CATIE Web 20.04.0 version. The latest version of the application is 21.06.0.

A flaw in an earlier version could allow an unauthenticated remote attacker to read arbitrary files through four separate application endpoints.

Bishop Fox stated that the vulnerabilities were disclosed to the developer Status Solutions in August after receiving no response for several weeks.

There has been no further communication between the two since then, which prompted Bishop Fox to publish a detailed technical blog post last week.

The Daily Swig asked Status Solutions to comment on these findings. We want to find out what advice it has for customers who are still running older versions of the software.

There is no news yet, but we will update the story when we have more information.

Assisted living

CATIE Web is described as “a kind of communication, self-service, and residents’ participation software that helps the elderly connect with the community”, while also “allowing employees to understand the needs of residents every day.”

The technology provides functions such as radio channels, meal and event reminders, employee lists, and video conferencing.

The security vulnerabilities in CATIE Web 20.04.0 discovered by Bishop Fox security researchers Nate Robb and Dan Ritter may reveal sensitive information.

Attackers can use these vulnerabilities to read or download any file on the host because the vulnerable service has root privileges. Accessible files may include application source code, password hashes, and clear text secrets in configuration files. With this level of access, an attacker may gain access to the application and ultimately compromise the host.

The Daily Swig has asked Bishop Fox to estimate the install base of the vulnerable platform, among other questions. We will update this story when we have more information.
