CVE-2020-6977

MEDIUM | CVSS 6.8/10 | EPSS 0.43%

Last modified

CVE-2020-6977 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5.

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.43%

34.2th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Ge | Vivid E95 Firmware | All versions |
| Ge | Vivid E90 Firmware | All versions |
| Ge | Vivid S70n Firmware | All versions |
| Ge | Vivid T8 Firmware | All versions |
| Ge | Vivid T9 Firmware | All versions |
| Ge | Vivid Iq Firmware | All versions |
| Ge | Logiq E10 Firmware | All versions |
| Ge | Logiq E9 Firmware | All versions |
| Ge | Logiq S8 Firmware | All versions |
| Ge | Logiq S7 Firmware | All versions |
| Ge | Logiq P9 Firmware | All versions |
| Ge | Logiq E9 With Xdclear Firmware | All versions |
| Ge | Voluson Firmware | All versions |
| Ge | Versana Essential Firmware | All versions |
| Ge | Invenia Abus Scan Station Firmware | All versions |
| Ge | Venue Go Firmware | All versions |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-6977?

A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5.

How severe is CVE-2020-6977?

CVE-2020-6977 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2020-6977?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST