CVE-2020-25187

Опубликовано: 14 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

Medtronic MyCareLink Smart 25000 is

vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allow an attacker to remotely execute code on the MCL Smart Patient Reader, potentially leading to control of the device

Ссылки

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:medtronic:mycarelink_smart_model_25000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:mycarelink_smart_model_25000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01274

Низкий

8.8 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-4m4f-3m29-78r8

CVSS3: 9.8

github

больше 3 лет назад

Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device.

EPSS

Процентиль: 79%

0.01274

Низкий

8.8 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-122

CWE-787