Information disclosure in Gehealthcare 1.5t_brivo_mr355
CVE-2020-25179
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
EPSS: 0.013 (68.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Gehealthcare 1.5t_brivo_mr355
- Gehealthcare 1.5t_brivo_mr355_firmware
- Gehealthcare 3.0t_signa_hd_16
- Gehealthcare 3.0t_signa_hd_16_firmware
- Gehealthcare 3.0t_signa_hd_23
- Gehealthcare 3.0t_signa_hd_23_firmware
- Gehealthcare 3.0t_signa_hdxt
- Gehealthcare 3.0t_signa_hdxt_firmware
- Gehealthcare Amx_700
- Gehealthcare Amx_700_firmware
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-25179?
- CVE-2020-25179 is a critical-severity vulnerability in Gehealthcare 1.5t_brivo_mr355, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 9.8/10. Published 2020-12-14.
- How severe is CVE-2020-25179?
- Critical severity. CVSS v3 base score is 9.8 out of 10.