CVE-2020-14477
CVSS V2 Low 3.6
CVSS V3 Medium 4.4
Description
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Overview
- CVE ID
- CVE-2020-14477
- Assigner
- ics-cert@hq.dhs.gov
- Vulnerability Status
- Analyzed
- Published Version
- 2020-06-26T17:15:10
- Last Modified Date
- 2020-07-15T16:15:47
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:philips:clearvue_850_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2 | |
| cpe:2.3:h:philips:clearvue_850:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:clearvue_350_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.2 | |
| cpe:2.3:h:philips:clearvue_350:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:cx50_firmware:5.0.2:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:philips:cx50:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:affiniti_70_firmware:*:*:*:*:*:*:*:* | 1 | OR | 5.0 | |
| cpe:2.3:h:philips:affiniti_70:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:affiniti_50_firmware:*:*:*:*:*:*:*:* | 1 | OR | 5.0 | |
| cpe:2.3:h:philips:affiniti_50:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:epiq_7_firmware:*:*:*:*:*:*:*:* | 1 | OR | 5.0 | |
| cpe:2.3:h:philips:epiq_7:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:sparq_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.0.2 | |
| cpe:2.3:h:philips:sparq:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:philips:xperius_firmware:*:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:philips:xperius:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:L/Au:N/C:P/I:P/A:N
- Access Vector
- LOCAL
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 3.6
- Severity
- LOW
- Exploitability Score
- 3.9
- Impact Score
- 4.9
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- LOW
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- LOW
- Availability Impact
- NONE
- Base Score
- 4.4
- Base Severity
- MEDIUM
- Exploitability Score
- 1.8
- Impact Score
- 2.5
References
| Reference URL | Reference Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-177-01 | Third Party Advisory US Government Resource |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-14477 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14477 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 16:40:42 | Added to TrackCVE | |||
| 2022-12-04 18:49:09 | 2020-06-26T17:15Z | 2020-06-26T17:15:10 | CVE Published Date | updated |
| 2022-12-04 18:49:09 | 2020-07-15T16:15:47 | CVE Modified Date | updated | |
| 2022-12-04 18:49:09 | Analyzed | Vulnerability Status | updated |