{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-36549", "TITLE": "GE Voluson S8 Windows Operating System Patches privileges management", "REQUESTER": "cna@vuldb.com", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "generator": "vuldb.com", "affects": { "vendor": { "vendor_data": [ { "vendor_name": "GE", "product": { "product_data": [ { "product_name": "Voluson S8", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269 Improper Privilege Management" } ] } ] }, "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed." } ] }, "credit": "Marc Ruef/Rocco Gagliardi", "impact": { "cvss": { "version": "3.1", "baseScore": "8.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } }, "references": { "reference_data": [ { "url": "https://www.scip.ch/?news.20200701", "refsource": "MISC", "name": "https://www.scip.ch/?news.20200701" }, { "url": "https://vuldb.com/?id.129835", "refsource": "MISC", "name": "https://vuldb.com/?id.129835" } ] } }