Vulnerability Description
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Alice 6 Firmware | <= r8.0.2 |
| Philips | Alice 6 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103537Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/103537Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-5451?
CVE-2018-5451 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead...
How severe is CVE-2018-5451?
CVE-2018-5451 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-5451?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Alice 6 Firmware, Philips Alice 6.