CVE-2019-13546

In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.

CVSS v3 6.8 MEDIUM
CVSS v2.0 7.2 HIGH

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsma-19-297-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:philips:intellispace_perinatal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-10-25 18:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-13546

Mitre link : CVE-2019-13546

CVE.ORG link : CVE-2019-13546

JSON object : View

Products Affected

philips

intellispace_perinatal

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2019-13546", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2019-10-25T18:15:10.800", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."}, {"lang": "es", "value": "En IntelliSpace Perinatal, Versiones K y anteriores, una vulnerabilidad dentro del entorno de la aplicaci\u00f3n IntelliSpace Perinatal podr\u00eda permitir que un atacante no autorizado con acceso f\u00edsico a una pantalla de aplicaci\u00f3n bloqueada, o un usuario autorizado de la aplicaci\u00f3n host de sesi\u00f3n de escritorio remoto se libere de la contenci\u00f3n de la aplicaci\u00f3n y acceda a recursos no autorizados desde el sistema operativo Windows como usuario de Windows de acceso limitado. Debido a vulnerabilidades potenciales de Windows, es posible que sean utilizados m\u00e9todos de ataque adicionales para escalar los privilegios sobre el sistema operativo."}], "lastModified": "2019-10-30T18:23:07.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_perinatal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A716EF-35F5-467A-9932-C153BB7A46A4", "versionEndIncluding": "k"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}