PT-2020-14029 · Philips · Philips Ultrasound Sparq+4
Published
2020-06-26
·
Updated
2025-06-04
·
CVE-2020-14477
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Philips Ultrasound ClearVue versions 3.2 and prior
Philips Ultrasound CX versions 5.0.2 and prior
Philips Ultrasound EPIQ/Affiniti versions VM5.0 and prior
Philips Ultrasound Sparq version 3.0.2 and prior
Philips Ultrasound Xperius all versions
Description
The issue allows an attacker to use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Recommendations
For Philips Ultrasound ClearVue versions 3.2 and prior, update to a version later than 3.2.
For Philips Ultrasound CX versions 5.0.2 and prior, update to a version later than 5.0.2.
For Philips Ultrasound EPIQ/Affiniti versions VM5.0 and prior, update to a version later than VM5.0.
For Philips Ultrasound Sparq version 3.0.2 and prior, update to a version later than 3.0.2.
For Philips Ultrasound Xperius, consider restricting access to sensitive information until a fix is available.
Fix
Improper Authentication
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Philips Ultrasound Cx
Philips Ultrasound Clearvue
Philips Ultrasound Epiq/Affiniti
Philips Ultrasound Sparq
Philips Ultrasound Xperius