Lucene search

[email protected]CVE-2018-8870

HistoryJul 03, 2018 - 1:29 a.m.

CVE-2018-8870

2018-07-0301:29:01

CWE-798

CWE-259

[email protected]

web.nvd.nist.gov

medtronic

mycarelink

patient monitor

hard-coded password

os vulnerability

physical access

nvd

cve-2018-8870

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Affected configurations

NVD

Node

medtronic24950_mycarelink_monitor_firmwareMatch-

AND

medtronic24950_mycarelink_monitorMatch-

Node

medtronic24952_mycarelink_monitor_firmwareMatch-

AND

medtronic24952_mycarelink_monitorMatch-

CPENameOperatorVersion
medtronic:24950_mycarelink_monitor_firmwaremedtronic 24950 mycarelink monitor firmwareeq-

CPE	Name	Operator	Version
medtronic:24950_mycarelink_monitor_firmware	medtronic 24950 mycarelink monitor firmware	eq	-

CNA Affected

[
  {
    "product": "Medtronic MyCareLink Patient Monitor",
    "vendor": "ICS-CERT",
    "versions": [
      {
        "status": "affected",
        "version": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
      }
    ]
  }
]

References

ics-cert.us-cert.gov/advisories/ICSMA-18-179-01

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVE-2018-8870

cvelist1 nvd1 prion1 ics1