CWE
287 288
Advisory Published
Updated

CVE-2020-14477

First published: Fri Jun 26 2020(Updated: )

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Philips Clearvue 850 Firmware<=3.2
Philips Clearvue 850
Philips Clearvue 350 Firmware<=3.2
Philips Clearvue 350
Philips Cx50 Firmware=5.0.2
Philips Cx50
Philips Affiniti 70 Firmware<=5.0
Philips Affiniti 70
Philips Affiniti 50 Firmware<=5.0
Philips Affiniti 50
Philips Epiq 7 Firmware<=5.0
Philips Epiq 7
Philips Sparq Firmware<=3.0.2
Philips Sparq
Philips Xperius Firmware
Philips Xperius

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of this Philips Ultrasound vulnerability?

    The vulnerability ID is CVE-2020-14477.

  • What is the severity of CVE-2020-14477?

    The severity of CVE-2020-14477 is medium with a severity value of 4.4.

  • Which versions of Philips Ultrasound are affected by CVE-2020-14477?

    Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior, and Ultrasound Xperius all versions are affected.

  • What can an attacker do with CVE-2020-14477?

    An attacker may use an alternate path or channel that does not require authentication.

  • Is there a fix available for CVE-2020-14477?

    To mitigate this vulnerability, it is recommended to apply the necessary patches or updates provided by Philips.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203