Privilege Escalation Vulnerability in Philips IntelliSpace Portal
CVE-2018-5470

7.8HIGH

Key Information:

Vendor
Philips
Status
Philips Intellispace Portal
Vendor
CVE Published:
26 March 2018

Summary

Philips IntelliSpace Portal versions 7.0.x and 8.0.x contain an unquoted search path vulnerability. This flaw may allow an authorized local user to execute arbitrary code with escalated privileges. Attackers exploiting this vulnerability could potentially gain greater access to system resources, posing a significant risk to data integrity and security. It is important for users of affected versions to apply available security patches to mitigate this risk.

Affected Version(s)

Philips IntelliSpace Portal 8.0.x

Philips IntelliSpace Portal 7.0.x

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103182
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.