Details of VAR-201812-0467

ID

VAR-201812-0467

CVE

CVE-2018-19001

TITLE

Android for Philips HealthSuite Health Vulnerability related to cryptographic strength in applications

Trust: 0.8

sources: JVNDB: JVNDB-2018-013001

DESCRIPTION

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. Android for Philips HealthSuite Health The application contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Local attackers can exploit this issue to gain access to the sensitive information. Information obtained may lead to further attacks. An attacker could exploit this vulnerability to compromise the integrity and confidentiality of the device

Trust: 1.98

sources: NVD: CVE-2018-19001 // JVNDB: JVNDB-2018-013001 // BID: 106126 // VULHUB: VHN-129617

AFFECTED PRODUCTS

vendor:	philips	model:	healthsuite health	scope:	eq	version:	*	Trust: 1.0
vendor:	philips	model:	healthsuite health	scope:	eq	version:	android app	Trust: 0.8
vendor:	philips	model:	healthsuite health	scope:	eq	version:	android	Trust: 0.6
vendor:	philips	model:	healthsuite health	scope:	eq	version:	0	Trust: 0.3

sources: BID: 106126 // JVNDB: JVNDB-2018-013001 // CNNVD: CNNVD-201812-277 // NVD: CVE-2018-19001

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19001
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-19001
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201812-277
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-129617
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19001
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-129617
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19001
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.9
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-129617 // JVNDB: JVNDB-2018-013001 // CNNVD: CNNVD-201812-277 // NVD: CVE-2018-19001

PROBLEMTYPE DATA

problemtype:

CWE-326

Trust: 1.9

sources: VULHUB: VHN-129617 // JVNDB: JVNDB-2018-013001 // NVD: CVE-2018-19001

THREAT TYPE

local

Trust: 0.9

sources: BID: 106126 // CNNVD: CNNVD-201812-277

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013001

PATCH

title:	Philips HealthSuite Health Android App (6-December-2018)	url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 0.8
title:	Philips HealthSuite Health Android App Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87544	Trust: 0.6

sources: JVNDB: JVNDB-2018-013001 // CNNVD: CNNVD-201812-277

EXTERNAL IDS

db:	ICS CERT	id:	ICSMA-18-340-01	Trust: 2.8
db:	NVD	id:	CVE-2018-19001	Trust: 2.8
db:	BID	id:	106126	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-013001	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-277	Trust: 0.7
db:	SEEBUG	id:	SSVID-98842	Trust: 0.1
db:	CNVD	id:	CNVD-2020-53790	Trust: 0.1
db:	VULHUB	id:	VHN-129617	Trust: 0.1

sources: VULHUB: VHN-129617 // BID: 106126 // JVNDB: JVNDB-2018-013001 // CNNVD: CNNVD-201812-277 // NVD: CVE-2018-19001

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-340-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/106126	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19001	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19001	Trust: 0.8
url:	http://www.usa.philips.com/	Trust: 0.3

sources: VULHUB: VHN-129617 // BID: 106126 // JVNDB: JVNDB-2018-013001 // CNNVD: CNNVD-201812-277 // NVD: CVE-2018-19001

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106126

SOURCES

db:	VULHUB	id:	VHN-129617
db:	BID	id:	106126
db:	JVNDB	id:	JVNDB-2018-013001
db:	CNNVD	id:	CNNVD-201812-277
db:	NVD	id:	CVE-2018-19001

LAST UPDATE DATE

2024-11-23T22:12:12.427000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-129617	date:	2019-10-09T00:00:00
db:	BID	id:	106126	date:	2018-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-013001	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-277	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-19001	date:	2024-11-21T03:57:08.453

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-129617	date:	2018-12-07T00:00:00
db:	BID	id:	106126	date:	2018-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-013001	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-277	date:	2018-12-07T00:00:00
db:	NVD	id:	CVE-2018-19001	date:	2018-12-07T14:29:00.697