#VU21105 Download of code without integrity check in Philips products - CVE-2019-13534
Published: September 13, 2019
Vulnerability identifier: #VU21105
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-13534
CWE-ID: CWE-494
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
IntelliVue MX600
IntelliVue MX700
IntelliVue MX800
IntelliVue MPX2
IntelliVue MP2
IntelliVue MP5SC
IntelliVue MP5
IntelliVue MP90
IntelliVue MP80
IntelliVue MP70
IntelliVue MP60
IntelliVue MP50
IntelliVue MP40
IntelliVue MP30
IntelliVue MP20
Software vendor:
Philips
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the product downloads source code or an executable from a remote location and executes it without sufficiently verifying its origin and integrity. A remote attacker able to perform a man-in-the-middle attack can execute arbitrary code on the target system.
Remediation
This vulnerability was fixed only in the WLAN Version C.