CVE-2018-19001

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.6 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector : AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 0.9 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/106126	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01	Mitigation US Government Resource Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:philips:healthsuite_health:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2018-12-07 14:29

Updated : 2019-10-09 23:37

NVD link : CVE-2018-19001

Mitre link : CVE-2018-19001

CVE.ORG link : CVE-2018-19001

JSON object : View

Products Affected

philips

healthsuite_health

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2018-19001", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.9}]}, "published": "2018-12-07T14:29:00.697", "references": [{"url": "http://www.securityfocus.com/bid/106126", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01", "tags": ["Mitigation", "US Government Resource", "Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required."}, {"lang": "es", "value": "Aplicaci\u00f3n de Philips HealthSuite Health para Android, en todas las versiones. El software emplea un cifrado simple que no es lo suficientemente fuerte para el nivel de protecci\u00f3n necesario."}], "lastModified": "2019-10-09T23:37:34.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:healthsuite_health:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "EEB1F58C-5908-469F-9C76-CCAB35756556"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}