Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

CVE-2020-26086 (GCVE-0-2020-26086)

Vulnerability from cvelistv5 – Published: 2020-11-06 18:15 – Updated: 2024-11-13 17:44
VLAI
Title
Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability
Summary
A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-11-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201104 Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-26086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:22:37.424607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:44:55.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-11-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T18:15:33.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201104 Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-tele-info-DrEGLpDQ",
        "defect": [
          [
            "CSCvv34713"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-11-04T16:00:00",
          "ID": "CVE-2020-26086",
          "STATE": "PUBLIC",
          "TITLE": "Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201104 Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tele-info-DrEGLpDQ"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-tele-info-DrEGLpDQ",
          "defect": [
            [
              "CSCvv34713"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-26086",
    "datePublished": "2020-11-06T18:15:33.870Z",
    "dateReserved": "2020-09-24T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:44:55.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-26084 (GCVE-0-2020-26084)

Vulnerability from cvelistv5 – Published: 2020-11-06 18:15 – Updated: 2024-11-13 17:45
VLAI
Title
Cisco Edge Fog Fabric Resource Exposure Vulnerability
Summary
A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-11-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:06.866Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20201104 Cisco Edge Fog Fabric Resource Exposure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-26084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:22:38.919562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:45:05.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Edge Fog Fabric",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-11-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-06T18:15:29.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20201104 Cisco Edge Fog Fabric Resource Exposure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-eff-incperm-9E6h4yBz",
        "defect": [
          [
            "CSCvv30148"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Edge Fog Fabric Resource Exposure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-11-04T16:00:00",
          "ID": "CVE-2020-26084",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Edge Fog Fabric Resource Exposure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Edge Fog Fabric",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20201104 Cisco Edge Fog Fabric Resource Exposure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-eff-incperm-9E6h4yBz",
          "defect": [
            [
              "CSCvv30148"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-26084",
    "datePublished": "2020-11-06T18:15:29.448Z",
    "dateReserved": "2020-09-24T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:45:05.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-16212 (GCVE-0-2020-16212)

Vulnerability from cvelistv5 – Published: 2020-09-11 13:13 – Updated: 2024-08-04 13:37
VLAI
Title
Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
Summary
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
Severity
No CVSS data available.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
Impacted products
Vendor Product Version
Philips Patient Information Center iX (PICiX) Affected: B.02
Affected: C.02
Affected: C.03
Create a notification for this product.
Credits
Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:37:54.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.philips.com/productsecurity"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Patient Information Center iX (PICiX)",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "B.02"
            },
            {
              "status": "affected",
              "version": "C.02"
            },
            {
              "status": "affected",
              "version": "C.03"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges."
            }
          ],
          "value": "In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T18:24:53.053Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
        },
        {
          "url": "https://www.philips.com/productsecurity"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Philips released the following versions to remediate reported vulnerabilities:\u003cbr\u003e\u003cbr\u003e* Patient Information Center iX (PICiX) Version C.03\u003cbr\u003e* Certificate revocation within the system was implemented for PIC iX and Performance Bridge FocalPoint in 2023. The implementation of the IntelliVue Patient Monitors will be completed in Q3 of 2024.\u003cbr\u003e"
            }
          ],
          "value": "Philips released the following versions to remediate reported vulnerabilities:\n\n* Patient Information Center iX (PICiX) Version C.03\n* Certificate revocation within the system was implemented for PIC iX and Performance Bridge FocalPoint in 2023. The implementation of the IntelliVue Patient Monitors will be completed in Q3 of 2024."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "As a mitigation to these vulnerabilities, Philips recommends the following:\u003cbr\u003e* The Philips patient monitoring network is required to be physically or logically isolated from the hospital local area network (LAN). Philips recommends using a firewall or routers that can implement access control lists restricting access in and out of the patient monitoring network for only necessary ports and IP addresses. Refer to the Philips Patient Monitoring System Security for Clinical Networks guide for additional information on [InCenter](\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/)\"\u003ehttps://incenter.medical.philips.com/)\u003c/a\u003e.\u003cbr\u003e* By default, the simple certificate enrollment protocol (SCEP) service is not running. When needed, the service is configured to run based on the duration or the number of certificates to be assigned. One certificate is default, but if a certificate is not issued, the service will continue to run. Limit exposure by ensuring the SCEP service is not running unless it is actively being used to enroll new devices.\u003cbr\u003e* When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\u003cbr\u003e* Implement physical security controls to prevent unauthorized login attempts on the PIC iX application. Servers should be kept in controlled locked data centers. Access to equipment at nurses\u2019 stations should be controlled and monitored.\u003cbr\u003e* Only grant remote access to PIC iX servers on a must-have basis.\u003cbr\u003e* Grant login privileges to the bedside monitor and PIC iX application on a role-based, least-privilege basis, and only to trusted users.\u003cbr\u003e \u003cbr\u003eUsers with questions regarding their specific Philips Patient Information Center (PIC iX) and/or IntelliVue patient monitor installations and new release eligibility should contact their local Philips service support team, or regional service support (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ehttps://www.usa.philips.com/healthcare/solutions/customer-service-solutions\u003c/a\u003e), or call 1-800-722-9377.\u003cbr\u003e\u003cbr\u003ePlease see the Philips product security website (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ehttps://www.philips.com/productsecurity\u003c/a\u003e) for the Philips advisory and the latest security information for Philips products.\u003cbr\u003e"
            }
          ],
          "value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n* The Philips patient monitoring network is required to be physically or logically isolated from the hospital local area network (LAN). Philips recommends using a firewall or routers that can implement access control lists restricting access in and out of the patient monitoring network for only necessary ports and IP addresses. Refer to the Philips Patient Monitoring System Security for Clinical Networks guide for additional information on [InCenter]( https://incenter.medical.philips.com/) https://incenter.medical.philips.com/) .\n* By default, the simple certificate enrollment protocol (SCEP) service is not running. When needed, the service is configured to run based on the duration or the number of certificates to be assigned. One certificate is default, but if a certificate is not issued, the service will continue to run. Limit exposure by ensuring the SCEP service is not running unless it is actively being used to enroll new devices.\n* When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n* Implement physical security controls to prevent unauthorized login attempts on the PIC iX application. Servers should be kept in controlled locked data centers. Access to equipment at nurses\u2019 stations should be controlled and monitored.\n* Only grant remote access to PIC iX servers on a must-have basis.\n* Grant login privileges to the bedside monitor and PIC iX application on a role-based, least-privilege basis, and only to trusted users.\n \nUsers with questions regarding their specific Philips Patient Information Center (PIC iX) and/or IntelliVue patient monitor installations and new release eligibility should contact their local Philips service support team, or regional service support ( https://www.usa.philips.com/healthcare/solutions/customer-service-solutions https://www.usa.philips.com/healthcare/solutions/customer-service-solutions ), or call 1-800-722-9377.\n\nPlease see the Philips product security website ( https://www.philips.com/productsecurity https://www.philips.com/productsecurity ) for the Philips advisory and the latest security information for Philips products."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-16212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-16212",
    "datePublished": "2020-09-11T13:13:35.000Z",
    "dateReserved": "2020-07-31T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:37:54.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15264 (GCVE-0-2020-15264)

Vulnerability from cvelistv5 – Published: 2020-10-20 20:25 – Updated: 2024-08-04 13:15
VLAI
Title
Privilege Escalation in Boxstarter
Summary
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
  • CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
Vendor Product Version
chocolatey boxstarter Affected: < 2.13.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:19.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633"
          },
          {
            "name": "VU#208577",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/208577"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "boxstarter",
          "vendor": "chocolatey",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Boxstarter installer before version 2.13.0 configures C:\\ProgramData\\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it\u0027ll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73 External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-22T17:06:18.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633"
        },
        {
          "name": "VU#208577",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/208577"
        }
      ],
      "source": {
        "advisory": "GHSA-rpgx-h675-r3jf",
        "discovery": "UNKNOWN"
      },
      "title": "Privilege Escalation in Boxstarter",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15264",
          "STATE": "PUBLIC",
          "TITLE": "Privilege Escalation in Boxstarter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "boxstarter",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 2.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "chocolatey"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Boxstarter installer before version 2.13.0 configures C:\\ProgramData\\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it\u0027ll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-73 External Control of File Name or Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf",
              "refsource": "CONFIRM",
              "url": "https://github.com/chocolatey/boxstarter/security/advisories/GHSA-rpgx-h675-r3jf"
            },
            {
              "name": "https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633",
              "refsource": "MISC",
              "url": "https://github.com/chocolatey/boxstarter/commit/67e320491813550b48900e87105a34ceefdcf633"
            },
            {
              "name": "VU#208577",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/208577"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-rpgx-h675-r3jf",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15264",
    "datePublished": "2020-10-20T20:25:17.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:15:19.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15215 (GCVE-0-2020-15215)

Vulnerability from cvelistv5 – Published: 2020-10-06 18:00 – Updated: 2024-08-04 13:08
VLAI
Title
Context isolation bypass in Electron
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
CWE
  • CWE-693 - Protection Mechanism Failure
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
electron electron Affected: >= 8.0.0-beta.0, < 8.5.2
Affected: >= 9.0.0-beta.0, < 9.3.1
Affected: >= 10.0.0-beta.0, < 10.1.2
Affected: >= 11.0.0-beta.0, < 11.0.0-beta.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T18:00:17.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
        }
      ],
      "source": {
        "advisory": "GHSA-56pc-6jqp-xqj8",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15215",
          "STATE": "PUBLIC",
          "TITLE": "Context isolation bypass in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
                          },
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
                          },
                          {
                            "version_value": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
                          },
                          {
                            "version_value": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693 Protection Mechanism Failure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-56pc-6jqp-xqj8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15215",
    "datePublished": "2020-10-06T18:00:17.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12142 (GCVE-0-2020-12142)

Vulnerability from cvelistv5 – Published: 2020-05-05 19:54 – Updated: 2024-08-04 11:48
VLAI
Title
IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials
Summary
1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Silver Peak Systems, Inc. 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCP Affected: All versions affected prior to Silver Peak Unity ECOS™ 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator™ 8.9.2+
Create a notification for this product.
Credits
This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:58.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
          "vendor": "Silver Peak Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "\u2022\tEdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. \n\n\u2022\tEdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-05-07T16:57:35.000Z",
        "orgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
        "shortName": "Silver Peak"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
        }
      ],
      "source": {
        "advisory": "2020 -04-24-001- 001",
        "discovery": "EXTERNAL"
      },
      "title": "IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "sirt@silver-peak.com",
          "ID": "CVE-2020-12142",
          "STATE": "PUBLIC",
          "TITLE": "IPSec UDP key material can be retrieved from EdgeConnect by a user with admin credentials"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator, \u202f 3. EdgeConnect in AWS, Azure, GCP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions affected prior to Silver Peak Unity ECOS\u2122 8.3.2+, 8.1.9.12+ and Silver Peak Unity Orchestrator\u2122 8.9.2+"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Silver Peak Systems, Inc."
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "\u2022\tEdgeConnect software has been modified to prevent users from accessing IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. \n\n\u2022\tEdgeConnect software has been modified to allow customers to choose not to persist the IPSec seed for additional security."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability was reported to Silver Peak by Denis Kolegov, Mariya Nedyak, and Anton Nikolaev from the SD-WAN New Hop team."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material-cve_2020_12142.pdf"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "https://www.silver-peak.com/sites/default/files/advisory/security_advisory_notice_ipsec_udp_key_material_cve_2020_12142.pdf"
          }
        ],
        "source": {
          "advisory": "2020 -04-24-001- 001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83cc1b1a-46b0-4ac1-94f2-bbef3319bc4c",
    "assignerShortName": "Silver Peak",
    "cveId": "CVE-2020-12142",
    "datePublished": "2020-05-05T19:54:07.000Z",
    "dateReserved": "2020-04-24T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:48:58.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12020 (GCVE-0-2020-12020)

Vulnerability from cvelistv5 – Published: 2020-06-29 13:51 – Updated: 2024-08-04 11:48
VLAI
Summary
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
Severity
No CVSS data available.
CWE
  • CWE-668 - EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668
Assigner
References
Impacted products
Vendor Product Version
n/a Baxter ExactaMix EM 2400 & EM 1200 Affected: ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-29T13:51:49.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-12020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Baxter ExactaMix EM 2400 \u0026 EM 1200",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-12020",
    "datePublished": "2020-06-29T13:51:49.000Z",
    "dateReserved": "2020-04-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:48:57.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10271 (GCVE-0-2020-10271)

Vulnerability from cvelistv5 – Published: 2020-06-24 04:40 – Updated: 2024-09-16 22:02
VLAI
Title
RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
Summary
MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).
CWE
Assigner
References
Impacted products
Vendor Product Version
Mobile Industrial Robots A/S MiR100 Affected: v2.8.1.1 and before
Create a notification for this product.
Date Public
2020-06-24 00:00
Credits
Víctor Mayoral Vilches, Alfonso Glera, Lander Usategui, Unai Ayucar, Xabier Sáez de Cámara (Alias Robotics)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:58:40.023Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aliasrobotics/RVD/issues/2555"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MiR100",
          "vendor": "Mobile Industrial Robots A/S",
          "versions": [
            {
              "status": "affected",
              "version": "v2.8.1.1 and before"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "V\u00edctor Mayoral Vilches, Alfonso Glera, Lander Usategui, Unai Ayucar, Xabier S\u00e1ez de C\u00e1mara (Alias Robotics)"
        }
      ],
      "datePublic": "2020-06-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR\u0027s operations are centered around the framework (ROS)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-24T04:40:18.000Z",
        "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "shortName": "Alias"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aliasrobotics/RVD/issues/2555"
        }
      ],
      "source": {
        "defect": [
          "RVD#2555"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones",
      "x_generator": {
        "engine": "Robot Vulnerability Database (RVD)"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@aliasrobotics.com",
          "DATE_PUBLIC": "2020-06-24T04:34:51 +00:00",
          "ID": "CVE-2020-10271",
          "STATE": "PUBLIC",
          "TITLE": "RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MiR100",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v2.8.1.1 and before"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mobile Industrial Robots A/S"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "V\u00edctor Mayoral Vilches, Alfonso Glera, Lander Usategui, Unai Ayucar, Xabier S\u00e1ez de C\u00e1mara (Alias Robotics)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR\u0027s operations are centered around the framework (ROS)."
            }
          ]
        },
        "generator": {
          "engine": "Robot Vulnerability Database (RVD)"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "critical",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aliasrobotics/RVD/issues/2555",
              "refsource": "CONFIRM",
              "url": "https://github.com/aliasrobotics/RVD/issues/2555"
            }
          ]
        },
        "source": {
          "defect": [
            "RVD#2555"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
    "assignerShortName": "Alias",
    "cveId": "CVE-2020-10271",
    "datePublished": "2020-06-24T04:40:18.659Z",
    "dateReserved": "2020-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:02:17.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5386 (GCVE-0-2020-5386)

Vulnerability from cvelistv5 – Published: 2020-09-02 20:55 – Updated: 2024-09-16 20:58
VLAI
Summary
Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.
CWE
  • CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
Vendor Product Version
Dell Elastic Cloud Storage Affected: unspecified , < 3.5 (custom)
Create a notification for this product.
Date Public
2020-08-18 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Elastic Cloud Storage",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-08-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-02T20:55:19.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2020-08-18",
          "ID": "CVE-2020-5386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Elastic Cloud Storage",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.1,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/security/en-us/details/545893/DSA-2020-208-Dell-EMC-ECS-Security-Update-for-an-Exposure-of-Resource-vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2020-5386",
    "datePublished": "2020-09-02T20:55:19.410Z",
    "dateReserved": "2020-01-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:58:12.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13546 (GCVE-0-2019-13546)

Vulnerability from cvelistv5 – Published: 2019-10-25 17:54 – Updated: 2024-08-04 23:57
VLAI
Summary
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.
Severity
No CVSS data available.
CWE
  • CWE-668 - EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668
Assigner
References
Impacted products
Vendor Product Version
n/a IntelliSpace Perinatal Affected: Versions K and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:57:39.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IntelliSpace Perinatal",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions K and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-25T17:54:57.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-13546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IntelliSpace Perinatal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions K and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-13546",
    "datePublished": "2019-10-25T17:54:57.000Z",
    "dateReserved": "2019-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:57:39.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.