Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows…
icscert·CWE-367·Published 2020-12-14
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
Todas las versiones de Medtronic MyCareLink Smart 25000 son vulnerables a una condición de carrera en el sistema de actualización del software MCL Smart Patient Reader, que permite que el firmware sin firmar sea cargado y ejecutado en el Patient Reader. Si es explotado, un atacante podría ejecutar remotamente el código en el dispositivo MCL Smart Patient Reader, conllevando a un control del dispositivo
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 9.3 | 8.6 | 10.0 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| 3.1 | Primary | cve.org | 8.8 | — | — | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
| 3.1 | Primary | NVD | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | NVD | 8.8 | 2.1 | 6.0 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |