A high-severity privilege escalation vulnerability in the Dräger Infinity Explorer C700 allows attackers to bypass kiosk mode and gain unauthorized access to the underlying operating system.

This vulnerability involves a breakout of kiosk mode via specific dialog interactions. Successful exploitation grants the attacker control over the underlying operating system, which can disrupt services and reporting for connected Delta Family patient monitors.

The CVSS score of 8.4 reflects the danger of this privilege escalation, which could result in the loss of integrity and availability of critical medical monitoring data. Unauthorized access to the underlying OS may allow attackers to manipulate patient information or cause device downtime, creating significant operational and clinical safety risks.

Immediate Action: Apply the available patch from the GitHub Advisory (GHSA-gv7p-xf8g-c233) immediately to resolve the kiosk mode breakout.

Proactive Monitoring: Review user permissions and access control logs for unauthorized attempts to interact with system dialogs or administrative functions.

Compensating Controls: Isolate affected devices on a restricted network segment and disable unnecessary input interfaces to limit the attack surface.

Public Exploit Available: false

This vulnerability presents a critical threat to medical device integrity. Organizations utilizing the Dräger Infinity Explorer C700 must prioritize applying the provided patch to prevent unauthorized system access and ensure the continued reliability of patient monitoring systems.