CVE-2018-8861

Severity Score

8.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.

Vulnerabilidades en el entorno de quiosco de Philips Brilliance CT (Brilliance 64 en versiones 2.6.2 y anteriores, Brilliance iCT en versiones 4.1.6 y anteriores, Brillance iCT SP en versiones 3.2.4 y anteriores y Brilliance CT Big Bore 2.3.5 y anteriores) podrían permitir que un usuario del quiosco con acceso limitado o un atacante no autorizado salgan del confinamiento del entorno del quiosco, logren privilegios elevados del sistema operativo de Windows y accedan a recursos no autorizados del sistema operativo.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-03-20 CVE Reserved
2018-05-04 CVE Published
2023-04-28 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-668: Exposure of Resource to Wrong Sphere

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/104088	Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.usa.philips.com/healthcare/about/customer-support/product-security	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Philips Search vendor "Philips"	Brilliance Firmware 64 Search vendor "Philips" for product "Brilliance Firmware 64"	<= 2.6.2 Search vendor "Philips" for product "Brilliance Firmware 64" and version " <= 2.6.2"	-	Affected	in	Philips Search vendor "Philips"	Brilliance 64 Search vendor "Philips" for product "Brilliance 64"	-	-	Safe
Philips Search vendor "Philips"	Brilliance Ict Sp Firmware Search vendor "Philips" for product "Brilliance Ict Sp Firmware"	<= 3.2.4 Search vendor "Philips" for product "Brilliance Ict Sp Firmware" and version " <= 3.2.4"	-	Affected	in	Philips Search vendor "Philips"	Brilliance Ict Sp Search vendor "Philips" for product "Brilliance Ict Sp"	-	-	Safe
Philips Search vendor "Philips"	Brilliance Ict Firmware Search vendor "Philips" for product "Brilliance Ict Firmware"	<= 4.1.6 Search vendor "Philips" for product "Brilliance Ict Firmware" and version " <= 4.1.6"	-	Affected	in	Philips Search vendor "Philips"	Brilliance Ict Search vendor "Philips" for product "Brilliance Ict"	-	-	Safe
Philips Search vendor "Philips"	Brilliance Ct Big Bore Firmware Search vendor "Philips" for product " Brilliance Ct Big Bore Firmware"	<= 2.3.5 Search vendor "Philips" for product " Brilliance Ct Big Bore Firmware" and version " <= 2.3.5"	-	Affected	in	Philips Search vendor "Philips"	Brilliance Ct Big Bore Search vendor "Philips" for product " Brilliance Ct Big Bore"	-	-	Safe