PT-2018-18672 · Microsoft+1 · Windows Os+3
Published
2018-05-04
·
Updated
2019-10-09
·
CVE-2018-8861
CVSS v3.1
8.7
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
Philips Brilliance CT kiosk environment versions prior to the following:
Brilliance 64 version 2.6.2
Brilliance iCT version 4.1.6
Brilliance iCT SP version 3.2.4
Brilliance CT Big Bore version 2.3.5
Description
The issue allows a limited-access kiosk user or an unauthorized attacker to break out from the kiosk environment containment, gain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.
Recommendations
For Brilliance 64 version 2.6.2 and prior, update to a version later than 2.6.2.
For Brilliance iCT versions 4.1.6 and prior, update to a version later than 4.1.6.
For Brilliance iCT SP versions 3.2.4 and prior, update to a version later than 3.2.4.
For Brilliance CT Big Bore version 2.3.5 and prior, update to a version later than 2.3.5.
Fix
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brilliance 64
Brilliance Ct Big Bore
Brilliance Ict
Windows Os