Vulnerability CVE-2018-18630


Published: 2019-09-06

Description:
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.

Type:

CWE-275

(Permission Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mckesson -> Cardiology firmware 
Mckesson -> Horizon cardiology firmware 
Changehealthcare -> Cardiology firmware 

 References:
https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/
https://www.us-cert.gov/ics/advisories/icsma-19-241-01

Copyright 2021, cxsecurity.com

 

Back to Top