CVE-2019-18241 — MEDIUM (6.5)

Vulnerability Description

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Philips	Intellibridge Ec40 Firmware	All versions
Philips	Intellibridge Ec40	-
Philips	Intellibridge Ec80 Firmware	All versions
Philips	Intellibridge Ec80	-

Related Weaknesses (CWE)

CWE-326

References

https://www.us-cert.gov/ics/advisories/icsma-19-318-01Third Party AdvisoryUS Government Resource
https://www.us-cert.gov/ics/advisories/icsma-19-318-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2019-18241?

CVE-2019-18241 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak cipher...

How severe is CVE-2019-18241?

CVE-2019-18241 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-18241?

Check the references section above for vendor advisories and patch information. Affected products include: Philips Intellibridge Ec40 Firmware, Philips Intellibridge Ec40, Philips Intellibridge Ec80 Firmware, Philips Intellibridge Ec80.