Source: vulnrichment
Reporter: GEHC
ID: VULNRICHMENT:CVE-2024-1630
History: May 14, 2024 - 4:55 p.m.

CVE-2024-1630 Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component

2024-05-14 16:55:56
CWE-22
GEHC
github.com
cve-2024-1630
path traversal
common service desktop
ge healthcare
ultrasound device

CVSS3: 7.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.1
Confidence: Low

SSVC

Exploitation: poc
Automatable: no
Technical Impact: total

Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "venue_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "r1"
      },
      {
        "status": "affected",
        "version": "r2"
      },
      {
        "status": "affected",
        "version": "r3",
        "versionType": "custom",
        "lessThanOrEqual": "r3.3"
      },
      {
        "status": "affected",
        "version": "r4",
        "versionType": "custom",
        "lessThanOrEqual": "r4.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "venue_go_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "r2"
      },
      {
        "status": "affected",
        "version": "r3",
        "versionType": "custom",
        "lessThanOrEqual": "r3.3"
      },
      {
        "status": "affected",
        "version": "r4",
        "versionType": "custom",
        "lessThanOrEqual": "r4.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "venue_fit_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "r3",
        "versionType": "custom",
        "lessThanOrEqual": "r3.3"
      },
      {
        "status": "affected",
        "version": "r4",
        "versionType": "custom",
        "lessThanOrEqual": "r4.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "logiq_e_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "r7",
        "versionType": "custom",
        "lessThanOrEqual": "r9.1.4"
      },
      {
        "status": "affected",
        "version": "r8",
        "versionType": "custom",
        "lessThanOrEqual": "r10.1.3"
      },
      {
        "status": "affected",
        "version": "r9",
        "versionType": "custom",
        "lessThanOrEqual": "r11.0.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "logiq_he_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "r9.3.1"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "vivid_e_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "e95",
        "lessThan": "206",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "e90",
        "lessThan": "206",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "e80",
        "lessThan": "206",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "vivid_t_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "t8",
        "lessThan": "206",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "t9",
        "lessThan": "206",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "vivid_iq_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "206",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:voluson_expert_16:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "voluson_expert_16",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      },
      {
        "status": "affected",
        "version": "bt24"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:voluson_expert_18:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "voluson_expert_18",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      },
      {
        "status": "affected",
        "version": "bt24"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:voluson_expert_22:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "voluson_expert_22",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      },
      {
        "status": "affected",
        "version": "bt24"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:voluson_swift:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "voluson_swift",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      },
      {
        "status": "affected",
        "version": "bt24"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:logiq_e10:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "logiq_e10",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "r3.2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:logiq_e10s:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "logiq_e10s",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "r3.2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:gehealthcare:logiq_fortis:*:*:*:*:*:*:*:*"
    ],
    "vendor": "gehealthcare",
    "product": "logiq_fortis",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "r3.2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
