CVE-2018-5468 - OpenCVE

Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Philips	Intellispace Portal

Configuration 1 [-]

OR	cpe:2.3:a:philips:intellispace_portal:8.0:::::::*
	cpe:2.3:a:philips:intellispace_portal:9.0:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/103182	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	Third Party Advisory US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-02-27T00:00:00

Updated: 2018-03-27T09:57:01

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5468

JSON object: View

NVD Information

Status : Modified

Published: 2018-03-26T14:29:00.543

Modified: 2019-10-09T23:41:25.580

Link: CVE-2018-5468

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Philips IntelliSpace Portal", "vendor": "Philips", "versions": [{"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "7.0.x"}]}], "datePublic": "2018-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-27T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "103182", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103182"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-02-27T00:00:00", "ID": "CVE-2018-5468", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips IntelliSpace Portal", "version": {"version_data": [{"version_value": "8.0.x"}, {"version_value": "7.0.x"}]}}]}, "vendor_name": "Philips"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"}]}]}, "references": {"reference_data": [{"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "refsource": "CONFIRM", "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "103182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103182"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-5468", "datePublished": "2018-02-27T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-03-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "374B9A63-793D-41A1-A02F-4642031DA5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "784EBE3C-D9CB-433E-BC1D-4403B3BAB6AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"}, {"lang": "es", "value": "Philips IntelliSpace Portal, en todas las versiones 7.0.x y 8.0.x, contiene una vulnerabilidad de acceso remoto al escritorio que podr\u00eda permitir a un atacante obtener acceso no autorizado y, en algunos casos, escalar su nivel de privilegios o ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2018-5468", "lastModified": "2019-10-09T23:41:25.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-26T14:29:00.543", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103182"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}