CVE-2020-27252

Опубликовано: 14 дек. 2020

Источник: nvd

CVSS3: 8.8

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

Medtronic MyCareLink Smart 25000 is

vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

Ссылки

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:medtronic:mycarelink_smart_model_25000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:mycarelink_smart_model_25000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00598

Низкий

8.8 High

CVSS3

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-367

Связанные уязвимости

GHSA-qmhj-wg3r-x2h5

CVSS3: 8.1

github

больше 3 лет назад

Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

EPSS

Процентиль: 69%

0.00598

Низкий

8.8 High

CVSS3

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-367