Main Vulnerability Database SB2020062613

SB2020062613 - Authentication bypass in Philips Ultrasound Systems

Published: June 26, 2020

Security Bulletin ID SB2020062613

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2020-14477)

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to bypass authentication process.

The vulnerability exist due to improper implementation of the authentication process. A local user can use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsma-20-177-01

SB2020062613 - Authentication bypass in Philips Ultrasound Systems

Breakdown by Severity

Description

Remediation

References

Please verify you're human