CVE-2018-8848

Опубликовано: 26 сент. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

Ссылки

http://www.securityfocus.com/bid/105194
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
Mitigation
Third Party Advisory
US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory
http://www.securityfocus.com/bid/105194
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
Mitigation
Third Party Advisory
US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:philips:e-alert_firmware:*:*:*:*:*:*:*:*

Версия до r2.1 (включая)

EPSS

Процентиль: 69%

0.00596

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-276

CWE-732

Связанные уязвимости

GHSA-rvgx-rpj5-2pcr