Use of Obsolete Function in HDI 4000 Ultrasound Systems - CVE-2019-10988

 


Published: August 30, 2019 / Updated: September 2, 2019


Vulnerability identifier: #VU20484
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-10988
CWE-ID: CWE-477
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Philips
Affected software: HDI 4000 Ultrasound Systems

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to sensitive information on the target system.

The vulnerability exists because the software is built on an old operating system that is no longer supported. A local authenticated administrator can exploit this vulnerability to expose ultrasound images (a breach of confidentiality) and compromise image integrity.

How to mitigate CVE-2019-10988

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Note that this hardware is no longer supported by the vendor.
