CVE-2018-5451
Last modified
CVE-2018-5451 is a vulnerability of currently unknown severity. In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.. EPSS estimates a 2.73% chance of exploitation in the next 30 days.
Description
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Philips | Alice 6 Firmware | <= r8.0.2 |
References
- http://www.securityfocus.com/bid/103537Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/103537Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5451?
How severe is CVE-2018-5451?
How do I fix CVE-2018-5451?
Are you affected by CVE-2018-5451?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST