Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-1486
PUBLISHED
More InfoOfficial Page
Assigner-GEHC
Assigner Org ID-171caf72-b841-4e04-a68e-93493aff2b94
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2024 | 15:10
Updated At-16 Aug, 2024 | 18:15
Rejected At-
▼CVE Numbering Authority (CNA)
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices

Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices

Affected Products
Vendor
GE HealthCare
Product
Venue
Default Status
unaffected
Versions
Affected
  • R1
  • R2
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
GE HealthCare
Product
Venue Go
Default Status
unaffected
Versions
Affected
  • R2
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
GE HealthCare
Product
Venue Fit
Default Status
unaffected
Versions
Affected
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
GE HealthCare
Product
LOGIQ e
Default Status
unaffected
Versions
Affected
  • From R7 through R9.1.4 (custom)
  • From R8 through R10.1.3 (custom)
  • From R9 through R11.0.2 (custom)
Vendor
GE HealthCare
Product
LOGIQ He
Default Status
unaffected
Versions
Affected
  • From 0 through R9.3.1 (custom)
Vendor
GE HealthCare
Product
Vivid E
Default Status
unaffected
Versions
Affected
  • From E95 before 206 (custom)
  • From E90 before 206 (custom)
  • From E80 before 206 (custom)
  • From E9 113.2 through 113.2 (custom)
Vendor
GE HealthCare
Product
Vivid S
Default Status
unaffected
Versions
Affected
  • From 70N before 206 (custom)
  • From 60N before 206 (custom)
Vendor
GE HealthCare
Product
Vivid T
Default Status
unaffected
Versions
Affected
  • From T8 before 206 (custom)
  • From T9 before 206 (custom)
Vendor
GE HealthCare
Product
Vivid iq
Default Status
unaffected
Versions
Affected
  • From 0 before 206 (custom)
Vendor
GE HealthCare
Product
Invenia ABUS
Default Status
unaffected
Versions
Affected
  • 1.2.3
Vendor
GE HealthCare
Product
Invenia ABUS 2.0
Default Status
unaffected
Versions
Affected
  • From 0 before 2.2.9 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-1CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC ID: CAPEC-1
Description: CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Andrea Palanca and Gabriele Quagliarella of Nozomi Networks
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://securityupdate.gehealthcare.com/
N/A
Hyperlink: https://securityupdate.gehealthcare.com/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://securityupdate.gehealthcare.com/
x_transferred
Hyperlink: https://securityupdate.gehealthcare.com/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
gehealthcare
Product
venue_firmware
CPEs
  • cpe:2.3:o:gehealthcare:venue_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • R1
  • R2
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
gehealthcare
Product
venue_go_firmware
CPEs
  • cpe:2.3:o:gehealthcare:venue_go_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • R2
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
gehealthcare
Product
venue_fit_firmware
CPEs
  • cpe:2.3:o:gehealthcare:venue_fit_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From R3 through R3.3 (custom)
  • From R4 through R4.2 (custom)
Vendor
gehealthcare
Product
logiq_e_firmware
CPEs
  • cpe:2.3:o:gehealthcare:logiq_e_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From R7 through R9.1.4 (custom)
  • From R8 through R10.1.3 (custom)
  • From R9 through R11.0.2 (custom)
Vendor
gehealthcare
Product
logiq_he_firmware
CPEs
  • cpe:2.3:o:gehealthcare:logiq_he_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 through R9.3.1 (custom)
Vendor
gehealthcare
Product
vivid_e_firmware
CPEs
  • cpe:2.3:o:gehealthcare:vivid_e_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From E95 before 206 (custom)
  • From E90 before 206 (custom)
  • From E80 before 206 (custom)
  • From E9 113.2 through 113.2 (custom)
Vendor
gehealthcare
Product
vivid_s_firmware
CPEs
  • cpe:2.3:o:gehealthcare:vivid_s_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 70N before 206 (custom)
  • From 60N before 206 (custom)
Vendor
gehealthcare
Product
vivid_t_firmware
CPEs
  • cpe:2.3:o:gehealthcare:vivid_t_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From T8 before 206 (custom)
  • From T9 before 206 (custom)
Vendor
gehealthcare
Product
vivid_iq_firmware
CPEs
  • cpe:2.3:o:gehealthcare:vivid_iq_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 206 (custom)
Vendor
gehealthcare
Product
invenia_abus_firmware
CPEs
  • cpe:2.3:o:gehealthcare:invenia_abus_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • 1.2.3
Vendor
gehealthcare
Product
invenia_abus_2.0_firmware
CPEs
  • cpe:2.3:o:gehealthcare:invenia_abus_2.0_firmware:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 2.2.9 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found