First published: Fri Jun 26 2020(Updated: )
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips Clearvue 850 Firmware | <=3.2 | |
Philips Clearvue 850 | ||
Philips Clearvue 350 Firmware | <=3.2 | |
Philips Clearvue 350 | ||
Philips Cx50 Firmware | =5.0.2 | |
Philips Cx50 | ||
Philips Affiniti 70 Firmware | <=5.0 | |
Philips Affiniti 70 | ||
Philips Affiniti 50 Firmware | <=5.0 | |
Philips Affiniti 50 | ||
Philips Epiq 7 Firmware | <=5.0 | |
Philips Epiq 7 | ||
Philips Sparq Firmware | <=3.0.2 | |
Philips Sparq | ||
Philips Xperius Firmware | ||
Philips Xperius |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-14477.
The severity of CVE-2020-14477 is medium with a severity value of 4.4.
Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior, and Ultrasound Xperius all versions are affected.
An attacker may use an alternate path or channel that does not require authentication.
To mitigate this vulnerability, it is recommended to apply the necessary patches or updates provided by Philips.