MEDIUM · 6.8

CVE-2020-6977

Vulnerability Description

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ge | Vivid E95 Firmware | All versions |
| Ge | Vivid E95 | - |
| Ge | Vivid E90 Firmware | All versions |
| Ge | Vivid E90 | - |
| Ge | Vivid S70N Firmware | All versions |
| Ge | Vivid S70N | - |
| Ge | Vivid T8 Firmware | All versions |
| Ge | Vivid T8 | - |
| Ge | Vivid T9 Firmware | All versions |
| Ge | Vivid T9 | - |
| Ge | Vivid Iq Firmware | All versions |
| Ge | Vivid Iq | - |
| Ge | Logiq E10 Firmware | All versions |
| Ge | Logiq E10 | - |
| Ge | Logiq E9 Firmware | All versions |
| Ge | Logiq E9 | - |
| Ge | Logiq S8 Firmware | All versions |
| Ge | Logiq S8 | - |
| Ge | Logiq S7 Firmware | All versions |
| Ge | Logiq S7 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-6977?

CVE-2020-6977 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system.

How severe is CVE-2020-6977?

CVE-2020-6977 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-6977?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Vivid E95 Firmware, Ge Vivid E95, Ge Vivid E90 Firmware, Ge Vivid E90, Ge Vivid S70N Firmware.