CVE-2018-5470
First published: Tue Feb 27 2018(Updated: )
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips IntelliSpace Portal | =8.0 | |
| Philips IntelliSpace Portal | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5470?
CVE-2018-5470 has a medium severity rating due to its potential to allow local users to escalate privileges.
How do I fix CVE-2018-5470?
To fix CVE-2018-5470, ensure that all user environments have properly quoted paths in configurations.
What versions are affected by CVE-2018-5470?
CVE-2018-5470 affects Philips IntelliSpace Portal versions 8.0.x and 7.0.x.
Can CVE-2018-5470 be exploited remotely?
CVE-2018-5470 requires local access, so it cannot be exploited remotely by an unauthorized user.
Who is impacted by CVE-2018-5470?
Authorized local users of Philips IntelliSpace Portal may be impacted by CVE-2018-5470.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/philips
- canonical/philips intellispace portal
- version/philips intellispace portal/8.0
- version/philips intellispace portal/9.0