Vulnerability Description
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Capsuletech | Smartlinx Neuron 2 Firmware | <= 9.0.3 |
| Capsuletech | Smartlinx Neuron 2 | - |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785Third Party Advisory
FAQ
What is CVE-2019-5024?
CVE-2019-5024 is a vulnerability with a CVSS score of 7.6 (HIGH). A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A s...
How severe is CVE-2019-5024?
CVE-2019-5024 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5024?
Check the references section above for vendor advisories and patch information. Affected products include: Capsuletech Smartlinx Neuron 2 Firmware, Capsuletech Smartlinx Neuron 2.