CVE-2019-18263 - OpenCVE

An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Endura Endura Firmware Pulsera Pulsera Firmware Veradius Unity Veradius Unity Firmware

Configuration 1 [-]

AND

cpe:2.3:o:philips:veradius_unity_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:veradius_unity:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:philips:pulsera_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pulsera:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:philips:endura_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:endura:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsma-19-353-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2019-12-20T15:27:16

Updated: 2024-08-05T01:47:14.119Z

Reserved: 2019-10-22T00:00:00

Link: CVE-2019-18263

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-20T16:15:11.577

Modified: 2020-01-10T01:43:03.570

Link: CVE-2019-18263

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Philips Veradius Unity, Pulsera, and Endura Dual WAN Router", "vendor": "n/a", "versions": [{"status": "affected", "version": "Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018)"}]}], "descriptions": [{"lang": "en", "value": "An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "INADEQUATE ENCRYPTION STRENGTH CWE-326", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-20T15:27:16", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-353-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-18263", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips Veradius Unity, Pulsera, and Endura Dual WAN Router", "version": {"version_data": [{"version_value": "Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-19-353-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-19-353-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:47:14.119Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-353-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-18263", "datePublished": "2019-12-20T15:27:16", "dateReserved": "2019-10-22T00:00:00", "dateUpdated": "2024-08-05T01:47:14.119Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:veradius_unity_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A91063EA-003F-410A-A58D-C6B2E69081FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:veradius_unity:-:*:*:*:*:*:*:*", "matchCriteriaId": "785632E5-E80F-4C09-B20A-C41CAFBAD2EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:pulsera_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C4DF760-4451-4FCB-A629-991D3C21E5C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:pulsera:-:*:*:*:*:*:*:*", "matchCriteriaId": "6283D82B-F4E0-4264-93AA-A5189DFD468D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:endura_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "391CBB0B-63B0-4A69-945A-DDF2BB45D411", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:endura:-:*:*:*:*:*:*:*", "matchCriteriaId": "60A70DAF-45F7-4E04-996E-810A91C58801", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required."}, {"lang": "es", "value": "Se encontr\u00f3 un problema en Philips Veradius Unity, Pulsera and Endura Dual WAN Router, Veradius Unity (718132) con opci\u00f3n inal\u00e1mbrica (enviado entre 2016-Agosto 2018), Veradius Unity (718132) con opci\u00f3n ViewForum (enviado entre 2016-Agosto 2018) , Pulsera (718095) y Endura (718075) con opci\u00f3n inal\u00e1mbrica (enviada entre el 26 de junio de 2017 y el 07 de agosto de 2018), Pulsera (718095) y Endura (718075) con la opci\u00f3n ViewForum (enviada entre el 26 de junio de 2017 y el 07 -Agosto 2018). El software del enrutador utiliza un esquema de cifrado que no es suficientemente fuerte para el nivel de protecci\u00f3n requerido."}], "id": "CVE-2019-18263", "lastModified": "2020-01-10T01:43:03.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-20T16:15:11.577", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-353-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-326"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}