Natus NeuroWorks/SleepWorks up to 8.4 GMA2 SQL Server default password
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.00 |
Summary
A vulnerability rated critical has been reported in Natus NeuroWorks and SleepWorks up to 8.4 GMA2. It affects unknown processing in the SQL Server component, and manipulation results in the use of a default password. The vulnerability is identified as CVE-2023-47800. The attack can be initiated remotely. No exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability was found in Natus NeuroWorks and SleepWorks up to 8.4 GMA2 and has been classified as critical. It affects unknown code in the SQL Server component. Manipulation with an unknown input leads to a default password vulnerability. CWE classifies the issue as CWE-1393: the product uses default passwords for potentially critical functionality. The issue affects confidentiality, integrity, and availability. The summary by CVE is:
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
The weakness was published on 11/10/2023. The advisory is shared at trustwave.com. This vulnerability is uniquely identified as CVE-2023-47800. Neither technical details nor an exploit are publicly available.
Upgrading to version 8.4 GMA3 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-51895). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
CVSSv3
VulDB Meta Base Score: 8.5
VulDB Meta Temp Score: 8.4
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
NVD Base Score: 9.8
Exploiting
Class: Default password
CWE: CWE-1393
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: NeuroWorks/SleepWorks 8.4 GMA3
Timeline
11/10/2023
11/10/2023
11/10/2023
02/24/2026
Sources
Advisory: trustwave.com
Status: Confirmed
CVE: CVE-2023-47800
GCVE (CVE): GCVE-0-2023-47800
GCVE (VulDB): GCVE-100-244941
Entry
Created: 11/10/2023 07:57
Updated: 02/24/2026 11:10
Changes: 11/10/2023 07:57 (38), 12/06/2023 08:40 (1), 12/06/2023 08:41 (11), 02/24/2026 11:10 (15)