Download of code without integrity check in Philips products - CVE-2019-13534
Published: September 13, 2019
Vulnerability identifier: #VU21105
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-13534
CWE-ID: CWE-494
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Philips
Affected software:
IntelliVue MX600
IntelliVue MX700
IntelliVue MX800
IntelliVue MPX2
IntelliVue MP2
IntelliVue MP5SC
IntelliVue MP5
IntelliVue MP90
IntelliVue MP80
IntelliVue MP70
IntelliVue MP60
IntelliVue MP50
IntelliVue MP40
IntelliVue MP30
IntelliVue MP20
IntelliVue MX600
IntelliVue MX700
IntelliVue MX800
IntelliVue MPX2
IntelliVue MP2
IntelliVue MP5SC
IntelliVue MP5
IntelliVue MP90
IntelliVue MP80
IntelliVue MP70
IntelliVue MP60
IntelliVue MP50
IntelliVue MP40
IntelliVue MP30
IntelliVue MP20
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. A remote attacker with ability to perform a man-in-the-middle attack can execute arbitrary code on the target system.
How to mitigate CVE-2019-13534
This vulnerability was fixed only in the WLAN Version C.