6.9
CVE-2018-8868
- EPSS 0.33%
- Veröffentlicht 03.07.2018 01:29:01
- Zuletzt bearbeitet 22.05.2025 19:15:22
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMedtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Medtronic ≫ 24950 Mycarelink Monitor Firmware Version-
Medtronic ≫ 24952 Mycarelink Monitor Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.249 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 0.5 | 5.9 |
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 6.2 | 0.4 | 5.3 |
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
|
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html