CVE-2019-5024 - Vulnerability Details - OpenCVE

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Capsuletech	Smartlinx Neuron 2 Smartlinx Neuron 2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:capsuletech:smartlinx_neuron_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:capsuletech:smartlinx_neuron_2:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785

History

No history.

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2019-04-11T17:45:08

Updated: 2024-08-04T19:40:49.207Z

Reserved: 2019-01-04T00:00:00

Link: CVE-2019-5024

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-11T18:29:00.270

Modified: 2024-11-21T04:44:12.523

Link: CVE-2019-5024

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Capsule Technologies SmartLinx Neuron 2", "vendor": "Capsule Technologies", "versions": [{"status": "affected", "version": "9.0.3 or lower"}]}], "datePublic": "2019-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "A restricted environment escape vulnerability exists in the \u201ckiosk mode\u201d function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-17T22:19:02", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2019-5024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Capsule Technologies SmartLinx Neuron 2", "version": {"version_data": [{"version_value": "9.0.3 or lower"}]}}]}, "vendor_name": "Capsule Technologies"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A restricted environment escape vulnerability exists in the \u201ckiosk mode\u201d function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability."}]}, "impact": {"cvss": {"baseScore": 7.6, "baseSeverity": "High", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693: Protection Mechanism Failure"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785", "refsource": "CONFIRM", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:40:49.207Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5024", "datePublished": "2019-04-11T17:45:08", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-08-04T19:40:49.207Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:capsuletech:smartlinx_neuron_2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0786573E-89D0-4D3F-A1A7-3AAD1102C092", "versionEndIncluding": "9.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:capsuletech:smartlinx_neuron_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1ECBBAB-ADE3-4F31-97D5-56B818DD4276", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A restricted environment escape vulnerability exists in the \u201ckiosk mode\u201d function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de escape de entorno restringido en la funci\u00f3n \"kiosk mode\" de los dispositivos de recopilaci\u00f3n de informaci\u00f3n m\u00e9dica Capsule Technologies SmartLinx Neuron 2 que ejecutan las versiones 9.0.3 o inferiores. Una serie espec\u00edfica de entradas de teclado puede escapar del entorno restringido, resultando en un acceso total de administrador al sistema operativo subyacente. Un atacante puede conectarse al dispositivo a trav\u00e9s del puerto USB con un teclado u otro dispositivo HID para activar esta vulnerabilidad."}], "id": "CVE-2019-5024", "lastModified": "2024-11-21T04:44:12.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-11T18:29:00.270", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}