Sign-up

ID

VAR-201803-2079


CVE

CVE-2018-5451


TITLE

Philips Alice 6 System Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003514

DESCRIPTION

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. Philips Alice 6 System Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Philips Alice 6 R8.0.2 and prior are vulnerable

Trust: 2.7

sources: NVD: CVE-2018-5451 // JVNDB: JVNDB-2018-003514 // CNVD: CNVD-2018-06523 // BID: 103537 // IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1 // VULHUB: VHN-135482

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1 // CNVD: CNVD-2018-06523

AFFECTED PRODUCTS

vendor:philipsmodel:alice 6scope:lteversion:r8.0.2

Trust: 1.8

vendor:philipsmodel:alice <=r8.0.2scope:eqversion:6

Trust: 0.6

vendor:philipsmodel:alice 6scope:eqversion:r8.0.2

Trust: 0.6

vendor:philipsmodel:alice r8.0.2scope:eqversion:6

Trust: 0.3

vendor:alice 6model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1 // CNVD: CNVD-2018-06523 // BID: 103537 // JVNDB: JVNDB-2018-003514 // CNNVD: CNNVD-201803-1001 // NVD: CVE-2018-5451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5451
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5451
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06523
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-1001
value: CRITICAL

Trust: 0.6

IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-135482
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5451
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06523
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-135482
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5451
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1 // CNVD: CNVD-2018-06523 // VULHUB: VHN-135482 // JVNDB: JVNDB-2018-003514 // CNNVD: CNNVD-201803-1001 // NVD: CVE-2018-5451

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-135482 // JVNDB: JVNDB-2018-003514 // NVD: CVE-2018-5451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1001

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201803-1001

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003514

PATCH
title:Top Pageurl:https://www.usa.philips.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003514

EXTERNAL IDS
db:NVDid:CVE-2018-5451
Trust: 3.6
db:ICS CERTid:ICSMA-18-086-01
Trust: 3.4
db:BIDid:103537
Trust: 2.0
db:CNNVDid:CNNVD-201803-1001
Trust: 0.9
db:CNVDid:CNVD-2018-06523
Trust: 0.8
db:JVNDBid:JVNDB-2018-003514
Trust: 0.8
db:IVDid:E2EA2F60-39AB-11E9-8C88-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-135482
Trust: 0.1
sources:
            
            
            IVD: e2ea2f60-39ab-11e9-8c88-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06523 // 
            
            
            
            VULHUB: VHN-135482 // 
            
            
            
            BID: 103537 // 
            
            
            
            JVNDB: JVNDB-2018-003514 // 
            
            
            
            CNNVD: CNNVD-201803-1001 // 
            
            
            
            NVD: CVE-2018-5451

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-086-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103537
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5451
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5451
Trust: 0.8
url:http://www.usa.philips.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06523 // 
            
            
            
            VULHUB: VHN-135482 // 
            
            
            
            BID: 103537 // 
            
            
            
            JVNDB: JVNDB-2018-003514 // 
            
            
            
            CNNVD: CNNVD-201803-1001 // 
            
            
            
            NVD: CVE-2018-5451

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103537

SOURCES
db:IVDid:e2ea2f60-39ab-11e9-8c88-000c29342cb1
db:CNVDid:CNVD-2018-06523
db:VULHUBid:VHN-135482
db:BIDid:103537
db:JVNDBid:JVNDB-2018-003514
db:CNNVDid:CNNVD-201803-1001
db:NVDid:CVE-2018-5451

LAST UPDATE DATE
2024-11-23T22:55:54.981000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06523date:2018-03-29T00:00:00
db:VULHUBid:VHN-135482date:2019-10-09T00:00:00
db:BIDid:103537date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2018-003514date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1001date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5451date:2024-11-21T04:08:49.643

SOURCES RELEASE DATE
db:IVDid:e2ea2f60-39ab-11e9-8c88-000c29342cb1date:2018-03-28T00:00:00
db:CNVDid:CNVD-2018-06523date:2018-03-28T00:00:00
db:VULHUBid:VHN-135482date:2018-03-28T00:00:00
db:BIDid:103537date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2018-003514date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1001date:2018-03-28T00:00:00
db:NVDid:CVE-2018-5451date:2018-03-28T17:29:00.337