CVE-2019-5024 - A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technol

CVE-2019-5024

Summary

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785

Vulnerable Configurations

cpe:2.3:o:capsuletech:smartlinx_neuron_2_firmware:6.9.1:*:*:*:*:*:*:*
cpe:2.3:o:capsuletech:smartlinx_neuron_2_firmware:6.9.1:*:*:*:*:*:*:*
cpe:2.3:h:capsuletech:smartlinx_neuron_2:-:*:*:*:*:*:*:*
cpe:2.3:h:capsuletech:smartlinx_neuron_2:-:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 13-06-2022 - 18:46)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0785

Last major update

13-06-2022 - 18:46

Published

11-04-2019 - 18:29

Last modified

13-06-2022 - 18:46