Default Password Vulnerability in Natus NeuroWorks and SleepWorks (Before 8.4 GMA3) Allows Remote Code Execution and Data Exfiltration
CVE-2023-47800 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.