SB2020021906 - Protection Mechanism Failure in GE Ultrasound products
Published: February 19, 2020
Security Bulletin ID
SB2020021906
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Physical access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Protection Mechanism Failure (CVE-ID: CVE-2020-6977)
The vulnerability allows a local attacker to gain access to the operating system of affected devices.
The vulnerability exists due to a restricted desktop environment escape in the "Kiosk Mode" functionality. An attacker with physical access can use specially crafted inputs and escape the restricted environment, resulting in access to the underlying operating system.
Note: This vulnerability does not affect LOGIQ 100 Pro, Venue 40 R1-3 and Venue 50 R4-5.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.