CVE-2018-8870

Опубликовано: 03 июл. 2018

Источник: nvd

CVSS3: 6.8

CVSS3: 6.4

CVSS2: 7.2

EPSS Низкий

Описание

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Ссылки

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00044

Низкий

6.8 Medium

CVSS3

6.4 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-259

CWE-798

Связанные уязвимости

GHSA-7jf7-367c-mvv4

CVSS3: 6.8

github

больше 3 лет назад

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

EPSS

Процентиль: 13%

0.00044

Низкий

6.8 Medium

CVSS3

6.4 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-259

CWE-798