CVE-2020-14477
First published: Fri Jun 26 2020(Updated: )
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Clearvue 850 Firmware | <=3.2 | |
| Philips Clearvue 850 | ||
| Philips Clearvue 350 Firmware | <=3.2 | |
| Philips Clearvue 350 | ||
| Philips Cx50 Firmware | =5.0.2 | |
| Philips Cx50 | ||
| Philips Affiniti 70 Firmware | <=5.0 | |
| Philips Affiniti 70 | ||
| Philips Affiniti 50 Firmware | <=5.0 | |
| Philips Affiniti 50 | ||
| Philips Epiq 7 Firmware | <=5.0 | |
| Philips Epiq 7 | ||
| Philips Sparq Firmware | <=3.0.2 | |
| Philips Sparq | ||
| Philips Xperius Firmware | ||
| Philips Xperius |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Philips Ultrasound vulnerability?
The vulnerability ID is CVE-2020-14477.
What is the severity of CVE-2020-14477?
The severity of CVE-2020-14477 is medium with a severity value of 4.4.
Which versions of Philips Ultrasound are affected by CVE-2020-14477?
Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior, and Ultrasound Xperius all versions are affected.
What can an attacker do with CVE-2020-14477?
An attacker may use an alternate path or channel that does not require authentication.
Is there a fix available for CVE-2020-14477?
To mitigate this vulnerability, it is recommended to apply the necessary patches or updates provided by Philips.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/philips
- canonical/philips clearvue 850 firmware
- version/philips clearvue 850 firmware/3.2
- canonical/philips clearvue 850
- canonical/philips clearvue 350 firmware
- version/philips clearvue 350 firmware/3.2
- canonical/philips clearvue 350
- canonical/philips cx50 firmware
- version/philips cx50 firmware/5.0.2
- canonical/philips cx50
- canonical/philips affiniti 70 firmware
- version/philips affiniti 70 firmware/5.0
- canonical/philips affiniti 70
- canonical/philips affiniti 50 firmware
- version/philips affiniti 50 firmware/5.0
- canonical/philips affiniti 50
- canonical/philips epiq 7 firmware
- version/philips epiq 7 firmware/5.0
- canonical/philips epiq 7
- canonical/philips sparq firmware
- version/philips sparq firmware/3.0.2
- canonical/philips sparq
- canonical/philips xperius firmware
- canonical/philips xperius