CVE-2019-5024

EPSS 0.05%
Veröffentlicht 11.04.2019 18:29:00
Zuletzt bearbeitet 21.11.2024 04:44:12
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Capsuletech ≫ Smartlinx Neuron 2 Firmware Version <= 9.0.3

Capsuletech ≫ Smartlinx Neuron 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	0.9	6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
talos-cna@cisco.com	7.6	0.9	6	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-5024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-5024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-5024

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-5024