CVE-2017-14111

{"id": "CVE-2017-14111", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2017-11-17T20:29:00.323", "references": [{"url": "http://www.securityfocus.com/bid/101850", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01", "tags": ["Issue Tracking", "US Government Resource", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."}, {"lang": "es", "value": "La funci\u00f3n de inicio de sesi\u00f3n en la estaci\u00f3n de trabajo en Philips IntelliSpace Cardiovascular (ISCV) en sus versiones 2.3.0 y anteriores y en Xcelera en versiones R4.1L1 y anteriores registra credenciales de autenticaci\u00f3n de dominio. Si se obtiene acceso a estos datos, se permitir\u00eda que un atacante utilice credenciales para acceder a la aplicaci\u00f3n o que obtenga otros privilegios de usuarios."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53695467-C883-4602-92F9-1D3BE724C447", "versionEndIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7B42FA-43AB-4599-BE34-997D251F5A22", "versionEndIncluding": "r4.1l1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}