Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6977

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5

Published

2020-02-20T21:15:11.787

Last Modified

2024-11-21T05:36:25.253

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-693
Type: Primary
CWE-20
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	vivid_e95_firmware	*	Yes
Hardware	ge	vivid_e95	-	No
Operating System	ge	vivid_e90_firmware	*	Yes
Hardware	ge	vivid_e90	-	No
Operating System	ge	vivid_s70n_firmware	*	Yes
Hardware	ge	vivid_s70n	-	No
Operating System	ge	vivid_t8_firmware	*	Yes
Hardware	ge	vivid_t8	-	No
Operating System	ge	vivid_t9_firmware	*	Yes
Hardware	ge	vivid_t9	-	No
Operating System	ge	vivid_iq_firmware	*	Yes
Hardware	ge	vivid_iq	-	No
Operating System	ge	logiq_e10_firmware	*	Yes
Hardware	ge	logiq_e10	-	No
Operating System	ge	logiq_e9_firmware	*	Yes
Hardware	ge	logiq_e9	-	No
Operating System	ge	logiq_s8_firmware	*	Yes
Hardware	ge	logiq_s8	-	No
Operating System	ge	logiq_s7_firmware	*	Yes
Hardware	ge	logiq_s7	-	No
Operating System	ge	logiq_p9_firmware	*	Yes
Hardware	ge	logiq_p9	-	No
Operating System	ge	logiq_e9_with_xdclear_firmware	*	Yes
Hardware	ge	logiq_e9_with_xdclear	-	No
Operating System	ge	voluson_firmware	*	Yes
Hardware	ge	voluson	-	No
Operating System	ge	versana_essential_firmware	*	Yes
Hardware	ge	versana_essential	-	No
Operating System	ge	invenia_abus_scan_station_firmware	*	Yes
Hardware	ge	invenia_abus_scan_station	-	No
Operating System	ge	venue_go_firmware	*	Yes
Hardware	ge	venue_go	-	No

References

https://www.us-cert.gov/ics/advisories/icsma-20-049-02 Third Party Advisory, US Government Resource ([email protected])
https://www.us-cert.gov/ics/advisories/icsma-20-049-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)