SB2018121102 - Security restrictions bypass in Philips HealthSuite Health Android App
Published: December 11, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2018-19001)
CWE-ID: CWE-326 - Inadequate Encryption Strength
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a physical attacker to bypass security restrictions on the target system.
The weakness exists due to the software uses simple encryption that is not strong enough for the level of protection required. A physical attacker can bypass security restrictions and impact confidentiality and integrity of the product.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.