SB2020092104 - Algorithm Downgrade in Philips Clinical Collaboration Platform



SB2020092104 - Algorithm Downgrade in Philips Clinical Collaboration Platform

Published: September 21, 2020

Security Bulletin ID SB2020092104
CSH Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Algorithm Downgrade (CVE-ID: CVE-2020-16200)

CWE-ID: CWE-757 - Selection of Less-Secure Algorithm During Negotiat

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the affected software does not properly control the allocation and maintenance of a limited resource. A remote attacker on the local network can influence the amount of resources consumed, eventually leading to the exhaustion of available resources.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.