Main Vulnerability Database Vulnerabilities #VU14584

Information disclosure in Philips e-Alert Unit - CVE-2018-14803

Published: August 31, 2018

Vulnerability identifier: #VU14584

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14803

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Philips

Affected software:
Philips e-Alert Unit

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to a banner disclosure. A remote attacker can use the HTTP response header that is normally not available to the attacker and obtain extraneous product information, such as OS and software components.

How to mitigate CVE-2018-14803

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01

Information disclosure in Philips e-Alert Unit - CVE-2018-14803

Detailed vulnerability description

How to mitigate CVE-2018-14803

Sources

Please verify you're human