CVE-2019-10988

In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.

CVSS v3 3.4 LOW
CVSS v2.0 3.6 LOW

3.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsma-19-241-02	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:philips:hdi_4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:philips:hdi_4000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-04 14:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-10988

Mitre link : CVE-2019-10988

CVE.ORG link : CVE-2019-10988

JSON object : View

Products Affected

philips

hdi_4000
hdi_4000_firmware

CWE

NVD-CWE-Other CWE-477

Use of Obsolete Function

{"id": "CVE-2019-10988", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.4, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.8}]}, "published": "2019-09-04T14:15:11.120", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-477"}]}], "descriptions": [{"lang": "en", "value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."}, {"lang": "es", "value": "En Philips HDI 4000 Ultrasound Systems, todas las versiones que se ejecutan en sistemas operativos no compatibles y antiguos, como Windows 2000, el HDI 4000 Ultrasound System est\u00e1 construido sobre un sistema operativo antiguo que ya no es compatible. Por lo tanto, cualquier vulnerabilidad no mitigada en el sistema operativo antiguo podr\u00eda ser explotada para afectar este producto."}], "lastModified": "2020-10-02T17:00:04.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:hdi_4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94AD579D-B72B-4010-B810-E1D5D025F0AA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:hdi_4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7853823E-9546-4107-A7C4-36B11D0AE739"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}