Vulnerabilities > CVE-2019-5024 - Unspecified vulnerability in Capsuletech Smartlinx Neuron 2 Firmware 6.9.1

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
capsuletech

Summary

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
OS
Capsuletech
1
Hardware
Capsuletech
1

Talos

idTALOS-2019-0785
last seen2019-05-29
published2019-04-08
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0785
titleCapsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability