7.2

CVE-2020-6977

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5.

Data is provided by the National Vulnerability Database (NVD)
GE Vivid E95 Firmware
   GE Vivid E95 Version: -
GE Vivid E90 Firmware
   GE Vivid E90 Version: -
GE Vivid S70n Firmware
   GE Vivid S70n Version: -
GE Vivid T8 Firmware
   GE Vivid T8 Version: -
GE Vivid T9 Firmware
   GE Vivid T9 Version: -
GE Vivid Iq Firmware
   GE Vivid Iq Version: -
GE Logiq E10 Firmware
   GE Logiq E10 Version: -
GE Logiq E9 Firmware
   GE Logiq E9 Version: -
GE Logiq S8 Firmware
   GE Logiq S8 Version: -
GE Logiq S7 Firmware
   GE Logiq S7 Version: -
GE Logiq P9 Firmware
   GE Logiq P9 Version: -
GE Voluson Firmware
   GE Voluson Version: -
GE Venue Go Firmware
   GE Venue Go Version: -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.26% | 0.487
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.