CVE-2018-5472 - OpenCVE

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Philips	Intellispace Portal

Configuration 1 [-]

OR	cpe:2.3:a:philips:intellispace_portal:8.0:::::::*
	cpe:2.3:a:philips:intellispace_portal:9.0:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/103182	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	Third Party Advisory US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-02-27T00:00:00

Updated: 2018-03-27T09:57:01

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5472

JSON object: View

NVD Information

Status : Modified

Published: 2018-03-26T14:29:00.650

Modified: 2019-10-09T23:41:26.377

Link: CVE-2018-5472

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Philips IntelliSpace Portal", "vendor": "Philips", "versions": [{"status": "affected", "version": "8.0.x"}, {"status": "affected", "version": "7.0.x"}]}], "datePublic": "2018-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-27T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "103182", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103182"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-02-27T00:00:00", "ID": "CVE-2018-5472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips IntelliSpace Portal", "version": {"version_data": [{"version_value": "8.0.x"}, {"version_value": "7.0.x"}]}}]}, "vendor_name": "Philips"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"}]}]}, "references": {"reference_data": [{"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "refsource": "CONFIRM", "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "103182", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103182"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-5472", "datePublished": "2018-02-27T00:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-03-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "374B9A63-793D-41A1-A02F-4642031DA5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "784EBE3C-D9CB-433E-BC1D-4403B3BAB6AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."}, {"lang": "es", "value": "Philips IntelliSpace Portal, en todas las versiones 7.0.x y 8.0.x, contiene una vulnerabilidad de permisos de Windows inseguros que podr\u00eda permitir a un atacante obtener acceso no autorizado y, en algunos casos, escalar su nivel de privilegios o ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2018-5472", "lastModified": "2019-10-09T23:41:26.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-26T14:29:00.650", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103182"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}