CVE-2019-18241

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsma-19-318-01	Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-19-318-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:philips:intellibridge_ec40_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellibridge_ec40:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:philips:intellibridge_ec80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellibridge_ec80:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type	Values Removed	Values Added
References	~~() https://www.us-cert.gov/ics/advisories/icsma-19-318-01 - Third Party Advisory, US Government Resource~~	() https://www.us-cert.gov/ics/advisories/icsma-19-318-01 - Third Party Advisory, US Government Resource

Information

Published : 2019-11-26 00:15

Updated : 2024-11-21 04:32

NVD link : CVE-2019-18241

Mitre link : CVE-2019-18241

CVE.ORG link : CVE-2019-18241

JSON object : View

Products Affected

philips

intellibridge_ec80
intellibridge_ec80_firmware
intellibridge_ec40
intellibridge_ec40_firmware

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2019-18241", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-11-26T00:15:11.717", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsma-19-318-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.us-cert.gov/ics/advisories/icsma-19-318-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-326"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub."}, {"lang": "es", "value": "En Philips IntelliBridge EC40 y EC80, IntelliBridge EC40 Hub todas las versiones e IntelliBridge EC80 Hub todas las versiones, el servidor SSH que es ejecutado en los productos afectados est\u00e1 configurado para permitir cifrados d\u00e9biles. Esto podr\u00eda permitir a un atacante no autorizado con acceso a la red capturar y reproducir la sesi\u00f3n y conseguir acceso no autorizado al concentrador EC40/80."}], "lastModified": "2024-11-21T04:32:54.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:intellibridge_ec40_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49999CB-F7EF-4FF8-AC14-2D1B17C8212A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:intellibridge_ec40:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B1CA4D0-ADCF-4BBB-A1DB-F790B86AAB7C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:intellibridge_ec80_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91926C76-AF1A-4CD0-87E8-607E301084E5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:intellibridge_ec80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B726E06E-D616-46A3-9496-DE42582C86C6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}