Home

Description

Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.

PUBLISHED Reserved 2026-06-01 | Published 2026-06-01 | Updated 2026-06-03 | Assigner VulnCheck




HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-451 User Interface (UI) Misrepresentation of Critical Information

Product status

Default status
unaffected

Infinity Explorer C700 (custom)
affected

Credits

Marc Ruef and Rocco Gagliardi, scip AG finder

References

static.draeger.com/...ity-delta-vf10-1-security-advisory.pdf vendor-advisory

www.vulncheck.com/...vilege-escalation-via-kiosk-mode-bypass third-party-advisory

cve.org (CVE-2019-25718)

nvd.nist.gov (CVE-2019-25718)

Download JSON