SB2019083008 - Security restrictions bypass in Philips HDI 4000 Ultrasound
Published: August 30, 2019
Security Bulletin ID
SB2019083008
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of Obsolete Function (CVE-ID: CVE-2019-10988)
The vulnerability allows a local attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the software is built on an old operating system that is no longer supported. A local authenticated administrator can exploit this vulnerability to expose ultrasound images (breaches of confidentiality) and compromise image integrity.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.