CVE-2020-36548 MEDIUM

CVE-2020-36548: GE Voluson S8 Service Browser users.cgi improper authentication

Vendor Ge
Product Voluson S8
Weakness CWE-287 · Improper authentication
Published June 17, 2022
Last update April 16, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.

Key dates

02Disclosure timeline

June 17, 2022 CVE published
April 16, 2025 Record updated