Vulnerability Details : CVE-2018-5472
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
Vulnerability category: Execute codeBypass
Products affected by CVE-2018-5472
- cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-5472
0.78%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-5472
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2018-5472
-
Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2018-5472
-
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Philips Intellispace Portal ISP Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Product Security | PhilipsVendor Advisory
-
http://www.securityfocus.com/bid/103182
Philips Intellispace Portal Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to