Authentication bypass using an alternate path or channel in Philips products - CVE-2020-14477

 


Published: June 26, 2020


Vulnerability identifier: #VU29305
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-14477
CWE-ID: CWE-288
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Ultrasound ClearVue
Ultrasound CX
Ultrasound EPIQ
Ultrasound Affiniti
Ultrasound Sparq
Ultrasound Xperius
Software vendor:
Philips

Description

The vulnerability allows a local user to bypass the authentication process.

The vulnerability exists due to improper implementation of the authentication process. A local user can use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.


Remediation

Install updates from the vendor's website.

External links