8.8
CVE-2019-10964
- EPSS 0.34%
- Published 28.06.2019 21:15:11
- Last modified 22.05.2025 19:15:22
- Source ics-cert@hq.dhs.gov
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
Data provided by the National Vulnerability Database (NVD)
Medtronic ≫ Minimed Paradigm 523 Firmware Version <= 2.4a
Medtronic ≫ Minimed Paradigm 723 Firmware Version <= 2.4a
Medtronic ≫ Minimed Paradigm 523k Firmware Version <= 2.4a
Medtronic ≫ Minimed Paradigm 723k Firmware Version <= 2.4a
Medtronic ≫ Minimed Paradigm Veo 554 Firmware Version <= 2.6a
Medtronic ≫ Minimed Paradigm Veo 754 Firmware Version <= 2.6a
Medtronic ≫ Minimed Paradigm Veo 554cm Firmware Version <= 2.7a
Medtronic ≫ Minimed Paradigm Veo 754cm Firmware Version-
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.559 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 5.8 | 6.5 | 6.4 | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| ics-cert@hq.dhs.gov | 7.1 | 1.6 | 5.5 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H |
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.