Default Password Vulnerability in Natus NeuroWorks and SleepWorks (Before 8.4 GMA3) Allows Remote Code Execution and Data Exfiltration

CVE-2023-47800 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Natus NeuroWorks and SleepWorks before 8.4 GMA3 use a default password of xltek for the sa account of the Microsoft SQL Server service. This allows a threat actor to perform remote code execution, exfiltrate data, or carry out other malicious actions such as tampering with data or destroying or disrupting MSSQL services.
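
An audit query for this condition, added here as an example (it is not Natus or vendor code). It assumes you can connect to the SQL Server instance behind NeuroWorks/SleepWorks as a sysadmin; it reports whether SQL authentication is accepted and whether sa, or any other SQL login, still has the default password named above.

```sql
-- Added audit example; read-only, makes no changes.
-- Reading password_hash requires CONTROL SERVER (sysadmin) rights.

-- 1) Authentication mode: 1 = Windows authentication only,
--    0 = mixed mode (SQL logins such as sa are accepted).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2) The built-in sa login plus every SQL login whose password
--    matches the default from the advisory.
SELECT
    l.name AS login_name,
    -- sa keeps SID 0x01 even if it has been renamed
    CASE WHEN l.sid = 0x01 THEN 1 ELSE 0 END AS is_builtin_sa,
    l.is_disabled,
    l.is_policy_checked,        -- Windows password policy enforced?
    l.is_expiration_checked,
    l.modify_date,              -- last change to the login
    PWDCOMPARE(N'xltek', l.password_hash) AS uses_default_password
FROM sys.sql_logins AS l
WHERE l.sid = 0x01
   OR PWDCOMPARE(N'xltek', l.password_hash) = 1
ORDER BY is_builtin_sa DESC, l.name;
```

A row with uses_default_password = 1 and is_disabled = 0 on an instance where windows_auth_only = 0 is the exposed state the advisory describes; the advisory lists 8.4 GMA3 as the first release not affected.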
