CVE-2024-1630
📋 TL;DR
A path traversal vulnerability in the 'getAllFolderContents' function of GE HealthCare's Common Service Desktop component allows attackers to access files outside the intended directory. This affects GE HealthCare ultrasound devices running vulnerable versions of the software, potentially exposing sensitive medical data and system files.
💻 Affected Systems
- GE HealthCare ultrasound devices with Common Service Desktop component
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive patient data, system configuration files, or implant malware on medical devices, potentially disrupting critical healthcare operations.
Likely Case
Unauthorized access to sensitive files containing patient information, device configurations, or administrative credentials.
If Mitigated
Limited impact if network segmentation and access controls prevent external access to vulnerable interfaces.
🎯 Exploit Status
Path traversal vulnerabilities typically require minimal technical skill to exploit once details are known
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GE HealthCare security advisory for specific patched versions
Vendor Advisory: https://securityupdate.gehealthcare.com/
Restart Required: Yes
Instructions:
1. Review GE HealthCare security advisory at provided URL
2. Identify affected device models and versions
3. Apply vendor-provided patches following medical device update procedures
4. Restart devices as required
5. Verify patch application through version checking
🔧 Temporary Workarounds
Network Segmentation
allIsolate ultrasound devices from general network access and restrict to necessary medical network segments only
Access Control Restrictions
allImplement strict firewall rules to limit access to device management interfaces
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected devices from untrusted networks
- Monitor device logs for unusual file access patterns and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check device software version against GE HealthCare's advisory and verify if Common Service Desktop component is presentCheck Version:
Check device system information through device interface or consult device documentationVerify Fix Applied:
Verify software version matches patched version specified in vendor advisory and test file access controls📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in device logs
- Access attempts to directories outside expected paths
- Multiple failed file access attempts
Network Indicators:
- Unusual network traffic to device management interfaces
- External IP addresses accessing device file services
SIEM Query:
source="ultrasound_device" AND (event_type="file_access" AND path=".." OR path contains "../")