ID

VAR-201803-2082


CVE

CVE-2018-5454


TITLE

Philips IntelliSpace Portal vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-003324

DESCRIPTION

Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. Philips IntelliSpace Portal contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS).

The Philips IntelliSpace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors.

1. A remote code-execution vulnerability
2. Multiple privilege-escalation vulnerabilities
3. A cryptographic security vulnerability

Attackers can exploit these issues to execute arbitrary code within the context of the affected device, cause a denial-of-service condition, bypass certain security restrictions, obtain sensitive information, or gain unauthorized access to the device and perform unauthorized actions. This may lead to complete compromise of the device. IntelliSpace Portal versions 8.0.x and 7.0.x are vulnerable.

The system provides viewing of echographic images and a single point of access for physicians. Permission and access control vulnerabilities exist in Philips ISP versions 8.0.x and 7.0.x.

Trust: 2.52

sources: NVD: CVE-2018-5454 // JVNDB: JVNDB-2018-003324 // CNVD: CNVD-2018-03810 // BID: 103182 // VULHUB: VHN-135485

AFFECTED PRODUCTS

vendor: philips // model: intellispace portal // scope: eq // version: 8.0

Trust: 1.9

vendor: philips // model: intellispace portal // scope: eq // version: 9.0

Trust: 1.6

vendor: philips // model: intellispace portal // scope: eq // version: 8.0.x

Trust: 1.4

vendor: philips // model: intellispace portal // scope: eq // version: 7.0.x

Trust: 1.4

vendor: philips // model: intellispace portal // scope: eq // version: 7.0

Trust: 0.3

sources: CNVD: CNVD-2018-03810 // BID: 103182 // JVNDB: JVNDB-2018-003324 // CNNVD: CNNVD-201803-775 // NVD: CVE-2018-5454

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-5454
value: HIGH

Trust: 1.0

NVD: CVE-2018-5454
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-03810
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-775
value: HIGH

Trust: 0.6

VULHUB: VHN-135485
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-5454
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03810
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135485
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-5454
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03810 // VULHUB: VHN-135485 // JVNDB: JVNDB-2018-003324 // CNNVD: CNNVD-201803-775 // NVD: CVE-2018-5454

PROBLEMTYPE DATA

problemtype:CWE-489

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-135485 // JVNDB: JVNDB-2018-003324 // NVD: CVE-2018-5454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-775

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-775

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003324

PATCH

title: Philips IntelliSpace Portal Vulnerabilities (26-FEB-2018) // url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Patch for Philips Intellispace Portal Arbitrary Code Execution Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/119247

Trust: 0.6

sources: CNVD: CNVD-2018-03810 // JVNDB: JVNDB-2018-003324

EXTERNAL IDS

db: NVD // id: CVE-2018-5454

Trust: 3.4

db: ICS CERT // id: ICSMA-18-058-02

Trust: 3.4

db: BID // id: 103182

Trust: 2.0

db: JVNDB // id: JVNDB-2018-003324

Trust: 0.8

db: CNNVD // id: CNNVD-201803-775

Trust: 0.7

db: CNVD // id: CNVD-2018-03810

Trust: 0.6

db: VULHUB // id: VHN-135485

Trust: 0.1

sources: CNVD: CNVD-2018-03810 // VULHUB: VHN-135485 // BID: 103182 // JVNDB: JVNDB-2018-003324 // CNNVD: CNNVD-201803-775 // NVD: CVE-2018-5454

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-02

Trust: 3.4

url:http://www.securityfocus.com/bid/103182

Trust: 1.7

url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5454

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5454

Trust: 0.8

url:http://www.usa.philips.com/

Trust: 0.3

sources: CNVD: CNVD-2018-03810 // VULHUB: VHN-135485 // BID: 103182 // JVNDB: JVNDB-2018-003324 // CNNVD: CNNVD-201803-775 // NVD: CVE-2018-5454

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103182

SOURCES

db: CNVD // id: CNVD-2018-03810
db: VULHUB // id: VHN-135485
db: BID // id: 103182
db: JVNDB // id: JVNDB-2018-003324
db: CNNVD // id: CNNVD-201803-775
db: NVD // id: CVE-2018-5454

LAST UPDATE DATE

2024-11-23T21:00:01.465000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-03810 // date: 2018-02-28T00:00:00
db: VULHUB // id: VHN-135485 // date: 2019-10-09T00:00:00
db: BID // id: 103182 // date: 2018-02-27T00:00:00
db: JVNDB // id: JVNDB-2018-003324 // date: 2018-05-22T00:00:00
db: CNNVD // id: CNNVD-201803-775 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-5454 // date: 2024-11-21T04:08:50.030

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-03810 // date: 2018-02-28T00:00:00
db: VULHUB // id: VHN-135485 // date: 2018-03-26T00:00:00
db: BID // id: 103182 // date: 2018-02-27T00:00:00
db: JVNDB // id: JVNDB-2018-003324 // date: 2018-05-22T00:00:00
db: CNNVD // id: CNNVD-201803-775 // date: 2018-03-22T00:00:00
db: NVD // id: CVE-2018-5454 // date: 2018-03-26T14:29:00.213