Insecure Windows Permissions in Philips Intellispace Portal
CVE-2018-5472

9.8CRITICAL

Key Information:

Vendor

Philips
Status
Philips Intellispace Portal
Vendor
CVE Published:
26 March 2018

What is CVE-2018-5472?

The Philips Intellispace Portal versions 7.0.x and 8.0.x are susceptible to a vulnerability that arises from improper configuration of Windows permissions. This flaw could enable an attacker to gain unauthorized access to sensitive information and, in some scenarios, escalate privileges or execute arbitrary code within the affected system. It is crucial for users of the affected versions to apply the relevant security patches and follow best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Philips IntelliSpace Portal 8.0.x

Philips IntelliSpace Portal 7.0.x

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103182
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.