PT-2019-13394 · Philips · Philips Intellivue Wlan

Shawn Loveric

Publicado

2019-09-12

Atualizado

2019-10-09

CVE-2019-13530

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09 Philips IntelliVue WLAN, portable patient monitors, WLAN Version B, Firmware A.01.09

Description The issue allows an attacker to use credentials to login via ftp and upload a malicious firmware.

Recommendations For Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, restrict access to the ftp service to prevent malicious firmware uploads. For Philips IntelliVue WLAN, portable patient monitors, WLAN Version B, Firmware A.01.09, restrict access to the ftp service to prevent malicious firmware uploads.

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798CWE-259

Identificadores relacionados

CVE-2019-13530

Produtos afetados

Philips Intellivue Wlan

PT-2019-13394 · Philips · Philips Intellivue Wlan

CVE-2019-13530

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3