IcscertCVELIST:CVE-2021-38394CVE-2021-38394 Missing Protection against Hardware Reverse Engineering Using Integrated Circuit Imaging Techniques for Boston Scientific Zoom Latitude
6.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.6%
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
CNA Affected
[
{
"product": "ZOOM LATITUDE",
"vendor": "Boston Scientific",
"versions": [
{
"status": "affected",
"version": "Model 3120"
}
]
}
]Related
6.2 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.6%