Attack Chain

1. The attacker gains physical or remote access to a Dräger Infinity Explorer C700 device.
2. The attacker interacts with a specific dialog within the kiosk mode application.
3. Through a series of interactions (details unspecified in source), the attacker triggers the privilege escalation vulnerability (CVE-2019-25718).
4. The attacker successfully escapes the kiosk mode environment.
5. The attacker gains access to the underlying operating system.
6. The attacker uses the elevated privileges to modify system settings or install malicious software.
7. The attacker manipulates the data displayed by the device from the connected Delta Family patient monitor.
8. The device displays incorrect, or no information to medical personnel.

Impact

Successful exploitation of CVE-2019-25718 allows an attacker to break out of kiosk mode on a Dräger Infinity Explorer C700 device, gaining access to the underlying operating system. This could lead to the display of incorrect or missing information from the connected Delta Family patient monitor, potentially affecting patient care and safety. The number of affected devices or specific sectors targeted is not specified in the provided source.

Recommendation

• Implement strict physical access controls to the Dräger Infinity Explorer C700 devices to prevent unauthorized access and initial exploitation.
• Monitor process creations for unusual processes running outside of the expected kiosk application scope.
• Monitor network connections for suspicious outbound traffic originating from the Dräger Infinity Explorer C700 devices using the Sigma rule “Detect Unusual Network Connection from Medical Device”.