8 matches found
CVE-2018-10596
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a...
CVE-2018-10596 Medtronic 2090 Carelink Programmer Improper Restriction of Communication Channel to Intended Endpoints
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a...
CVE-2018-10596
CVE-2018-10596 affects the Medtronic 2090 CareLink Programmer (and 29901 Encore Programmer) where software downloads updates over a VPN-protected network via HTTP without verifying VPN persistence or update source. The root issue is improper restriction of communication channels to intended endpo...
Directory traversal
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system...
CVE-2018-5446
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...
CVE-2018-5446
CVE-2018-5446 affects Medtronic CareLink programmers (2090 CareLink Programmer and 29901 Encore Programmer). The flaw arises from passwords stored in a recoverable format, enabling credential exposure when physical access is present. ICS-CERT advisory and subsequent updates document a CVSS v3 bas...
CVE-2018-5446 Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...
CVE-2018-5448
CVE-2018-5448 affects Medtronic 2090 CareLink Programmer and 29901 Encore Programmer via the CareLink SDN. The vulnerability is a relative path traversal in the software deployment network that could allow an attacker to read files on the system. ICS-CERT advisory Update C/Update B describes this...