Sign-up

ID

VAR-201909-1434


CVE

CVE-2019-10988


TITLE

Philips HDI 4000 Ultrasound Systems Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008955

DESCRIPTION

In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product

Trust: 2.25

sources: NVD: CVE-2019-10988 // JVNDB: JVNDB-2019-008955 // CNVD: CNVD-2019-31326 // VULHUB: VHN-142589

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-31326

AFFECTED PRODUCTS

vendor:philipsmodel:hdi 4000scope:eqversion:*

Trust: 1.0

vendor:philipsmodel:hdi 4000scope: - version: -

Trust: 0.8

vendor:philipsmodel:hdi ultrasound systemsscope:eqversion:4000

Trust: 0.6

sources: CNVD: CNVD-2019-31326 // JVNDB: JVNDB-2019-008955 // NVD: CVE-2019-10988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10988
value: LOW

Trust: 1.0

NVD: CVE-2019-10988
value: LOW

Trust: 0.8

CNVD: CNVD-2019-31326
value: LOW

Trust: 0.6

CNNVD: CNNVD-201908-2221
value: LOW

Trust: 0.6

VULHUB: VHN-142589
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-10988
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31326
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-142589
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10988
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2019-10988
baseSeverity: LOW
baseScore: 3.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-31326 // VULHUB: VHN-142589 // JVNDB: JVNDB-2019-008955 // CNNVD: CNNVD-201908-2221 // NVD: CVE-2019-10988

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-477

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-142589 // JVNDB: JVNDB-2019-008955 // NVD: CVE-2019-10988

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-2221

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201908-2221

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008955

PATCH
title:Top Pageurl:https://www.usa.philips.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008955

EXTERNAL IDS
db:ICS CERTid:ICSMA-19-241-02
Trust: 3.1
db:NVDid:CVE-2019-10988
Trust: 3.1
db:JVNDBid:JVNDB-2019-008955
Trust: 0.8
db:CNNVDid:CNNVD-201908-2221
Trust: 0.7
db:CNVDid:CNVD-2019-31326
Trust: 0.6
db:AUSCERTid:ESB-2019.3304
Trust: 0.6
db:VULHUBid:VHN-142589
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-31326 // 
            
            
            
            VULHUB: VHN-142589 // 
            
            
            
            JVNDB: JVNDB-2019-008955 // 
            
            
            
            CNNVD: CNNVD-201908-2221 // 
            
            
            
            NVD: CVE-2019-10988

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-19-241-02
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-10988
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10988
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2019.3304/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-31326 // 
            
            
            
            VULHUB: VHN-142589 // 
            
            
            
            JVNDB: JVNDB-2019-008955 // 
            
            
            
            CNNVD: CNNVD-201908-2221 // 
            
            
            
            NVD: CVE-2019-10988

SOURCES
db:CNVDid:CNVD-2019-31326
db:VULHUBid:VHN-142589
db:JVNDBid:JVNDB-2019-008955
db:CNNVDid:CNNVD-201908-2221
db:NVDid:CVE-2019-10988

LAST UPDATE DATE
2024-11-23T23:01:40.734000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-31326date:2019-09-14T00:00:00
db:VULHUBid:VHN-142589date:2020-10-02T00:00:00
db:JVNDBid:JVNDB-2019-008955date:2019-09-10T00:00:00
db:CNNVDid:CNNVD-201908-2221date:2020-10-09T00:00:00
db:NVDid:CVE-2019-10988date:2024-11-21T04:20:18.173

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-31326date:2019-09-14T00:00:00
db:VULHUBid:VHN-142589date:2019-09-04T00:00:00
db:JVNDBid:JVNDB-2019-008955date:2019-09-10T00:00:00
db:CNNVDid:CNNVD-201908-2221date:2019-08-29T00:00:00
db:NVDid:CVE-2019-10988date:2019-09-04T14:15:11.120