Feb 20, 2020 - 9:15 p.m.

CVE-2020-6977

2020-02-20 21:15:11
CWE-20
CWE-693
web.nvd.nist.gov
cve-2020-6977
restricted desktop environment
kiosk mode
ge ultrasound products
vulnerability
nvd

CVSS2: 7.2 High

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.8 Medium

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 29.6%)

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5.

Affected configurations

NVD

Node: ge vivid_e95 (Match -) AND ge vivid_e95_firmware
Node: ge vivid_e90 (Match -) AND ge vivid_e90_firmware
Node: ge vivid_s70n (Match -) AND ge vivid_s70n_firmware
Node: ge vivid_t8 (Match -) AND ge vivid_t8_firmware
Node: ge vivid_t9 (Match -) AND ge vivid_t9_firmware
Node: ge vivid_iq (Match -) AND ge vivid_iq_firmware
Node: ge logiq_e10 (Match -) AND ge logiq_e10_firmware
Node: ge logiq_e9 (Match -) AND ge logiq_e9_firmware
Node: ge logiq_s8_firmware AND ge logiq_s8 (Match -)
Node: ge logiq_s7_firmware AND ge logiq_s7 (Match -)
Node: ge logiq_p9_firmware AND ge logiq_p9 (Match -)
Node: ge logiq_e9_with_xdclear_firmware AND ge logiq_e9_with_xdclear (Match -)
Node: ge voluson_firmware AND ge voluson (Match -)
Node: ge versana_essential_firmware AND ge versana_essential (Match -)
Node: ge invenia_abus_scan_station_firmware AND ge invenia_abus_scan_station (Match -)
Node: ge venue_go_firmware AND ge venue_go (Match -)

CNA Affected

[
  {
    "product": "GE Ultrasound Products",
    "vendor": "GE",
    "versions": [
      {
        "status": "affected",
        "version": "Vivid products - all versions"
      },
      {
        "status": "affected",
        "version": "LOGIQ - all versions not including LOGIQ 100 Pro"
      },
      {
        "status": "affected",
        "version": "Voluson - all versions"
      },
      {
        "status": "affected",
        "version": "Versana Essential - all versions"
      },
      {
        "status": "affected",
        "version": "Invenia ABUS Scan station - all versions"
      },
      {
        "status": "affected",
        "version": "Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5"
      }
    ]
  }
]
