CVE-2020-6977
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5
Se presenta una vulnerabilidad de escape del entorno de escritorio restringido en la funcionalidad Kiosk Mode de los dispositivos afectados. Las entradas especialmente diseƱadas pueden permitir al usuario escapar del entorno restringido, resultando en el acceso al sistema operativo subyacente. Los dispositivos afectados incluyen los siguientes Productos GE Ultrasound: Productos Vivid- todas las versiones; LOGIQ todas las versiones sin incluir LOGIQ 100 Pro; Voluson- todas las versiones; Versana Essential- todas las versiones; estaciĆ³n Invenia ABUS Scan- todas las versiones; Venue- todas las versiones sin incluir Venue 40 R1-3 y Venue 50 R4-5.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-14 CVE Reserved
- 2020-02-20 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-693: Protection Mechanism Failure
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.us-cert.gov/ics/advisories/icsma-20-049-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | Vivid E95 Firmware Search vendor "Ge" for product "Vivid E95 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid E95 Search vendor "Ge" for product "Vivid E95" | - | - |
Safe
|
| Ge Search vendor "Ge" | Vivid E90 Firmware Search vendor "Ge" for product "Vivid E90 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid E90 Search vendor "Ge" for product "Vivid E90" | - | - |
Safe
|
| Ge Search vendor "Ge" | Vivid S70n Firmware Search vendor "Ge" for product "Vivid S70n Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid S70n Search vendor "Ge" for product "Vivid S70n" | - | - |
Safe
|
| Ge Search vendor "Ge" | Vivid T8 Firmware Search vendor "Ge" for product "Vivid T8 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid T8 Search vendor "Ge" for product "Vivid T8" | - | - |
Safe
|
| Ge Search vendor "Ge" | Vivid T9 Firmware Search vendor "Ge" for product "Vivid T9 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid T9 Search vendor "Ge" for product "Vivid T9" | - | - |
Safe
|
| Ge Search vendor "Ge" | Vivid Iq Firmware Search vendor "Ge" for product "Vivid Iq Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Vivid Iq Search vendor "Ge" for product "Vivid Iq" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq E10 Firmware Search vendor "Ge" for product "Logiq E10 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq E10 Search vendor "Ge" for product "Logiq E10" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq E9 Firmware Search vendor "Ge" for product "Logiq E9 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq E9 Search vendor "Ge" for product "Logiq E9" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq S8 Firmware Search vendor "Ge" for product "Logiq S8 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq S8 Search vendor "Ge" for product "Logiq S8" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq S7 Firmware Search vendor "Ge" for product "Logiq S7 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq S7 Search vendor "Ge" for product "Logiq S7" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq P9 Firmware Search vendor "Ge" for product "Logiq P9 Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq P9 Search vendor "Ge" for product "Logiq P9" | - | - |
Safe
|
| Ge Search vendor "Ge" | Logiq E9 With Xdclear Firmware Search vendor "Ge" for product "Logiq E9 With Xdclear Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Logiq E9 With Xdclear Search vendor "Ge" for product "Logiq E9 With Xdclear" | - | - |
Safe
|
| Ge Search vendor "Ge" | Voluson Firmware Search vendor "Ge" for product "Voluson Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Voluson Search vendor "Ge" for product "Voluson" | - | - |
Safe
|
| Ge Search vendor "Ge" | Versana Essential Firmware Search vendor "Ge" for product "Versana Essential Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Versana Essential Search vendor "Ge" for product "Versana Essential" | - | - |
Safe
|
| Ge Search vendor "Ge" | Invenia Abus Scan Station Firmware Search vendor "Ge" for product "Invenia Abus Scan Station Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Invenia Abus Scan Station Search vendor "Ge" for product "Invenia Abus Scan Station" | - | - |
Safe
|
| Ge Search vendor "Ge" | Venue Go Firmware Search vendor "Ge" for product "Venue Go Firmware" | * | - |
Affected
| in | Ge Search vendor "Ge" | Venue Go Search vendor "Ge" for product "Venue Go" | - | - |
Safe
|