Vulnerability Details : CVE-2018-5462
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
Vulnerability category: Bypass
Products affected by CVE-2018-5462
- cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-5462
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-5462
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-5462
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2018-5462
-
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Philips Intellispace Portal ISP Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Product Security | PhilipsVendor Advisory
-
http://www.securityfocus.com/bid/103182
Philips Intellispace Portal Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to