Sign-up

ID

VAR-202008-0156


CVE

CVE-2020-14518


TITLE

Philips Made DreamMapper Vulnerability of information leakage from log files

Trust: 0.8

sources: JVNDB: JVNDB-2020-007131

DESCRIPTION

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. Philips Provided by the company DreamMapper Is a mobile application to help treat sleep apnea. It is not an application that provides treatment or diagnosis directly to the patient, so it does not affect patient safety. Philips DreamMapper is a sleep therapy equipment management program of Philips in Europe

Trust: 1.71

sources: NVD: CVE-2020-14518 // JVNDB: JVNDB-2020-007131 // VULHUB: VHN-167404

AFFECTED PRODUCTS

vendor:philipsmodel:dreammapperscope:lteversion:2.24

Trust: 1.0

vendor:philipsmodel:dreammapperscope:eqversion:version 2.24

Trust: 0.8

sources: JVNDB: JVNDB-2020-007131 // NVD: CVE-2020-14518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14518
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2020-007131
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202007-1789
value: MEDIUM

Trust: 0.6

VULHUB: VHN-167404
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-167404
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14518
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-007131
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-167404 // JVNDB: JVNDB-2020-007131 // CNNVD: CNNVD-202007-1789 // NVD: CVE-2020-14518

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

sources: VULHUB: VHN-167404 // NVD: CVE-2020-14518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1789

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202007-1789

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007131

PATCH
title:Philips DreamMapper (30 July 2020)url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-007131

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-212-01
Trust: 2.5
db:NVDid:CVE-2020-14518
Trust: 2.5
db:JVNid:JVNVU90407983
Trust: 0.8
db:JVNDBid:JVNDB-2020-007131
Trust: 0.8
db:CNNVDid:CNNVD-202007-1789
Trust: 0.7
db:AUSCERTid:ESB-2020.2625
Trust: 0.6
db:VULHUBid:VHN-167404
Trust: 0.1
sources:
            
            
            VULHUB: VHN-167404 // 
            
            
            
            JVNDB: JVNDB-2020-007131 // 
            
            
            
            CNNVD: CNNVD-202007-1789 // 
            
            
            
            NVD: CVE-2020-14518

REFERENCES
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14518
Trust: 0.8
url:http://jvn.jp/cert/jvnvu90407983
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2625/
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-14518
Trust: 0.6
sources:
            
            
            VULHUB: VHN-167404 // 
            
            
            
            JVNDB: JVNDB-2020-007131 // 
            
            
            
            CNNVD: CNNVD-202007-1789 // 
            
            
            
            NVD: CVE-2020-14518

SOURCES
db:VULHUBid:VHN-167404
db:JVNDBid:JVNDB-2020-007131
db:CNNVDid:CNNVD-202007-1789
db:NVDid:CVE-2020-14518

LAST UPDATE DATE
2024-11-23T22:29:30.698000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-167404date:2020-08-27T00:00:00
db:JVNDBid:JVNDB-2020-007131date:2020-08-03T00:00:00
db:CNNVDid:CNNVD-202007-1789date:2020-08-28T00:00:00
db:NVDid:CVE-2020-14518date:2024-11-21T05:03:26.580

SOURCES RELEASE DATE
db:VULHUBid:VHN-167404date:2020-08-21T00:00:00
db:JVNDBid:JVNDB-2020-007131date:2020-08-03T00:00:00
db:CNNVDid:CNNVD-202007-1789date:2020-07-30T00:00:00
db:NVDid:CVE-2020-14518date:2020-08-21T13:15:13.443