CVE-2024-1486

EUVD-2024-17234
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gehealthcarevenue_firmware
R3 ≤
𝑥
≤ R3.3
ADP
gehealthcarevenue_firmware
R4 ≤
𝑥
≤ R4.2
ADP
gehealthcarevenue_go_firmware
R3 ≤
𝑥
≤ R3.3
ADP
gehealthcarevenue_go_firmware
R4 ≤
𝑥
≤ R4.2
ADP
gehealthcarevenue_fit_firmware
R3 ≤
𝑥
≤ R3.3
ADP
gehealthcarevenue_fit_firmware
R4 ≤
𝑥
≤ R4.2
ADP
gehealthcarelogiq_e_firmware
R7 ≤
𝑥
≤ R9.1.4
ADP
gehealthcarelogiq_e_firmware
R8 ≤
𝑥
≤ R10.1.3
ADP
gehealthcarelogiq_e_firmware
R9 ≤
𝑥
≤ R11.0.2
ADP
gehealthcarelogiq_he_firmware
𝑥
≤ R9.3.1
ADP
gehealthcarevivid_e_firmware
E95 ≤
𝑥
< 206
ADP
gehealthcarevivid_e_firmware
E90 ≤
𝑥
< 206
ADP
gehealthcarevivid_e_firmware
E80 ≤
𝑥
< 206
ADP
gehealthcarevivid_e_firmware
E9 113.2 ≤
𝑥
≤ 113.2
ADP
gehealthcarevivid_s_firmware
70N ≤
𝑥
< 206
ADP
gehealthcarevivid_s_firmware
60N ≤
𝑥
< 206
ADP
gehealthcarevivid_t_firmware
T8 ≤
𝑥
< 206
ADP
gehealthcarevivid_t_firmware
T9 ≤
𝑥
< 206
ADP
gehealthcarevivid_iq_firmware
𝑥
< 206
ADP
gehealthcareinvenia_abus_2.0_firmware
𝑥
< 2.2.9
ADP
Common Weakness Enumeration
References
https://securityupdate.gehealthcare.com/
https://securityupdate.gehealthcare.com/