Information disclosure in Philips DreamMapper [CVE-2020-14518]
This vulnerability allows a remote attacker to gain access to sensitive information. This vulnerability exists due to how the software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data. The attacker would have to trick the victim to open a a specially crafted app in order to gain access to the logs.
The following versions of DreamMapper, a mobile app used to manage sleep apnea, are affected:
- DreamMapper Version 2.24 and prior
Philips plans a new release for the DreamMapper app by June 30th 2021, that remediates this vulnerability.
Users with questions regarding their specific Philips DreamMapper installations should contact a Philips service support team or regional service support.
The Philips advisory is available at the following URL: http://www.philips.com/productsecurity
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.