VAR-202008-0156
Vulnerability from variot - Updated: 2023-12-18 12:16Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. Philips Provided by the company DreamMapper Is a mobile application to help treat sleep apnea. It is not an application that provides treatment or diagnosis directly to the patient, so it does not affect patient safety. Philips DreamMapper is a sleep therapy equipment management program of Philips in Europe
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dreammapper",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "2.24"
},
{
"model": "dreammapper",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "version 2.24"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:android:*:*",
"cpe_name": [],
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"cve": "CVE-2020-14518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-167404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-007131",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14518",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-007131",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1789",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-167404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. Philips Provided by the company DreamMapper Is a mobile application to help treat sleep apnea. It is not an application that provides treatment or diagnosis directly to the patient, so it does not affect patient safety. Philips DreamMapper is a sleep therapy equipment management program of Philips in Europe",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "VULHUB",
"id": "VHN-167404"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-212-01",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-14518",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90407983",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167404",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"id": "VAR-202008-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:16:53.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DreamMapper (30 July 2020)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14518"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90407983"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2625/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14518"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-167404"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"date": "2020-08-21T13:15:13.443000",
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-167404"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"date": "2020-08-27T15:32:05.937000",
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"date": "2020-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made DreamMapper Vulnerability of information leakage from log files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…