CVE-2020-14477
Severity Score
4.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
En Philips Ultrasound ClearVue Versiones 3.2 y anteriores, Ultrasound CX Versiones 5.0.2 y anteriores, Ultrasound EPIQ/Affiniti Versiones VM5.0 y anteriores, Ultrasound Sparq Versiones 3.0.2 y anteriores y Ultrasound Xperius todas las versiones, un atacante puede usar una ruta alternativa o canal que no requiere autenticación del inicio de sesión de servicio alternativo para visualizar o modificar información
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-19 CVE Reserved
- 2020-06-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-177-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Clearvue 850 Firmware Search vendor "Philips" for product "Clearvue 850 Firmware" | <= 3.2 Search vendor "Philips" for product "Clearvue 850 Firmware" and version " <= 3.2" | - |
Affected
| in | Philips Search vendor "Philips" | Clearvue 850 Search vendor "Philips" for product "Clearvue 850" | - | - |
Safe
|
| Philips Search vendor "Philips" | Clearvue 350 Firmware Search vendor "Philips" for product "Clearvue 350 Firmware" | <= 3.2 Search vendor "Philips" for product "Clearvue 350 Firmware" and version " <= 3.2" | - |
Affected
| in | Philips Search vendor "Philips" | Clearvue 350 Search vendor "Philips" for product "Clearvue 350" | - | - |
Safe
|
| Philips Search vendor "Philips" | Cx50 Firmware Search vendor "Philips" for product "Cx50 Firmware" | 5.0.2 Search vendor "Philips" for product "Cx50 Firmware" and version "5.0.2" | - |
Affected
| in | Philips Search vendor "Philips" | Cx50 Search vendor "Philips" for product "Cx50" | - | - |
Safe
|
| Philips Search vendor "Philips" | Affiniti 70 Firmware Search vendor "Philips" for product "Affiniti 70 Firmware" | <= 5.0 Search vendor "Philips" for product "Affiniti 70 Firmware" and version " <= 5.0" | - |
Affected
| in | Philips Search vendor "Philips" | Affiniti 70 Search vendor "Philips" for product "Affiniti 70" | - | - |
Safe
|
| Philips Search vendor "Philips" | Affiniti 50 Firmware Search vendor "Philips" for product "Affiniti 50 Firmware" | <= 5.0 Search vendor "Philips" for product "Affiniti 50 Firmware" and version " <= 5.0" | - |
Affected
| in | Philips Search vendor "Philips" | Affiniti 50 Search vendor "Philips" for product "Affiniti 50" | - | - |
Safe
|
| Philips Search vendor "Philips" | Epiq 7 Firmware Search vendor "Philips" for product "Epiq 7 Firmware" | <= 5.0 Search vendor "Philips" for product "Epiq 7 Firmware" and version " <= 5.0" | - |
Affected
| in | Philips Search vendor "Philips" | Epiq 7 Search vendor "Philips" for product "Epiq 7" | - | - |
Safe
|
| Philips Search vendor "Philips" | Sparq Firmware Search vendor "Philips" for product "Sparq Firmware" | <= 3.0.2 Search vendor "Philips" for product "Sparq Firmware" and version " <= 3.0.2" | - |
Affected
| in | Philips Search vendor "Philips" | Sparq Search vendor "Philips" for product "Sparq" | - | - |
Safe
|
| Philips Search vendor "Philips" | Xperius Firmware Search vendor "Philips" for product "Xperius Firmware" | * | - |
Affected
| in | Philips Search vendor "Philips" | Xperius Search vendor "Philips" for product "Xperius" | - | - |
Safe
|