CVE-2023-47800 Information

Description

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account allowing a threat actor to perform remote code execution data exfiltration or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.

Reference

https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf