← volver
CVE-2018-8870

Medtronic MyCareLink Patient Monitor Use of Hard-coded Password

CVSS 6.4 MEDIUMEPSS 0.4%CWE-259
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Medtronic · 24950 MyCareLink MonitorMedtronic · 24952 MyCareLink Monitor

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.htmlhttps://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01