4.4
CVE-2020-14477
- EPSS 0.05%
- Published 26.06.2020 17:15:10
- Last modified 04.06.2025 22:15:22
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Data is provided by the National Vulnerability Database (NVD)
Philips ≫ Clearvue 850 Firmware Version <= 3.2
Philips ≫ Clearvue 350 Firmware Version <= 3.2
Philips ≫ Cx50 Firmware Version5.0.2
Philips ≫ Affiniti 70 Firmware Version <= 5.0
Philips ≫ Affiniti 50 Firmware Version <= 5.0
Philips ≫ Epiq 7 Firmware Version <= 5.0
Philips ≫ Sparq Firmware Version <= 3.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.112 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 1.8 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
| ics-cert@hq.dhs.gov | 3.6 | 1 | 2.5 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.