ID

VAR-201803-1809


CVE

CVE-2018-5474


TITLE

Philips Intellispace Portal Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772

DESCRIPTION

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. Philips Intellispace Portal Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians

Trust: 2.52

sources: NVD: CVE-2018-5474 // JVNDB: JVNDB-2018-003332 // CNVD: CNVD-2018-03812 // BID: 103182 // VULHUB: VHN-135505

AFFECTED PRODUCTS

vendor:philipsmodel:intellispace portalscope:eqversion:8.0

Trust: 1.9

vendor:philipsmodel:intellispace portalscope:eqversion:9.0

Trust: 1.6

vendor:philipsmodel:intellispace portalscope:eqversion:8.0.x

Trust: 1.4

vendor:philipsmodel:intellispace portalscope:eqversion:7.0.x

Trust: 1.4

vendor:philipsmodel:intellispace portalscope:eqversion:7.0

Trust: 0.3

sources: CNVD: CNVD-2018-03812 // BID: 103182 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5474
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5474
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-03812
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-772
value: CRITICAL

Trust: 0.6

VULHUB: VHN-135505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5474
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03812
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135505
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5474
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03812 // VULHUB: VHN-135505 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-135505 // JVNDB: JVNDB-2018-003332 // NVD: CVE-2018-5474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-772

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201803-772

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003332

PATCH

title:Philips IntelliSpace Portal Vulnerabilities (26-FEB-2018)url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title:Patch for Philips Intellispace Portal Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/119263

Trust: 0.6

sources: CNVD: CNVD-2018-03812 // JVNDB: JVNDB-2018-003332

EXTERNAL IDS

db:NVDid:CVE-2018-5474

Trust: 3.4

db:ICS CERTid:ICSMA-18-058-02

Trust: 3.4

db:BIDid:103182

Trust: 2.0

db:JVNDBid:JVNDB-2018-003332

Trust: 0.8

db:CNVDid:CNVD-2018-03812

Trust: 0.6

db:CNNVDid:CNNVD-201803-772

Trust: 0.6

db:VULHUBid:VHN-135505

Trust: 0.1

sources: CNVD: CNVD-2018-03812 // VULHUB: VHN-135505 // BID: 103182 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-02

Trust: 3.4

url:http://www.securityfocus.com/bid/103182

Trust: 1.7

url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5474

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5474

Trust: 0.8

url:http://www.usa.philips.com/

Trust: 0.3

sources: CNVD: CNVD-2018-03812 // VULHUB: VHN-135505 // BID: 103182 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103182

SOURCES

db:CNVDid:CNVD-2018-03812
db:VULHUBid:VHN-135505
db:BIDid:103182
db:JVNDBid:JVNDB-2018-003332
db:CNNVDid:CNNVD-201803-772
db:NVDid:CVE-2018-5474

LAST UPDATE DATE

2024-11-23T19:38:25.930000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-03812date:2018-02-28T00:00:00
db:VULHUBid:VHN-135505date:2019-10-09T00:00:00
db:BIDid:103182date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2018-003332date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-772date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5474date:2024-11-21T04:08:52.440

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-03812date:2018-02-28T00:00:00
db:VULHUBid:VHN-135505date:2018-03-26T00:00:00
db:BIDid:103182date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2018-003332date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-772date:2018-03-22T00:00:00
db:NVDid:CVE-2018-5474date:2018-03-26T14:29:00.713