CVE-2024-1486
HIGHGE HealthCare ultrasound devices - Privilege Escalation
Title source: llmDescription
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
References (1)
Core 1
Core References
Various Sources
https://securityupdate.gehealthcare.com/
Scores
CVSS v3
7.4
EPSS
0.0006
EPSS Percentile
18.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (24)
GE HealthCare/Invenia ABUS
1.2.3
GE HealthCare/Invenia ABUS 2.0
< 2.2.9
GE HealthCare/LOGIQ e
R7 - R9.1.4
GE HealthCare/LOGIQ e
R8 - R10.1.3
GE HealthCare/LOGIQ e
R9 - R11.0.2
GE HealthCare/LOGIQ He
< R9.3.1
GE HealthCare/Venue
R1
GE HealthCare/Venue
R2
GE HealthCare/Venue
R3 - R3.3
GE HealthCare/Venue
R4 - R4.2
... and 14 more
Published
May 14, 2024
Tracked Since
Feb 18, 2026