← Back

CVE-2018-8868

nvd nist
Published: Jul 3, 2018Modified: May 22, 2025

JSON object

Loading...
6.4
Vector
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.5 / Impact: 5.9
Source: NVD

Description

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.

Affected (2)

Medtronic
2 products
24950 Mycarelink Monitor Firmware
24952 Mycarelink Monitor Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
24950 Mycarelink Monitor Firmware
All versions
Running on/withPlatform Versions
Medtronic
24950 Mycarelink Monitor
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
24952 Mycarelink Monitor Firmware
All versions
Running on/withPlatform Versions
Medtronic
24952 Mycarelink Monitor
All versions

Related CWEs

CWE-749
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (3)

Source: ics-cert@hq.dhs.gov
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.