CVE-2018-14787
Summary
| CVE | CVE-2018-14787 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-22 18:29:00 UTC |
| Updated | 2022-04-22 19:23:00 UTC |
| Description | In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Philips | Intellispace Cardiovascular | All | All | All | All |
| Application | Philips | Xcelera | All | All | All | All |
| Application | Phillips | Intellispace Cardiovascular | All | All | All | All |
| Application | Phillips | Xcelera | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Philips IntelliSpace Cardiovascular Vulnerabilities | ICS-CERT | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| Product Security | Philips | CONFIRM | www.usa.philips.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.