← volver
CVE-2020-27252

Medtronic MyCareLink Smart Time-of-check Time-of-use Race Condition

CVSS 8.8 HIGHEPSS 3.7%CWE-367
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Productos afectados
Medtronic · Smart Model 25000 Patient Reader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.htmlhttps://us-cert.cisa.gov/ics/advisories/icsma-20-345-01https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01