← voltar
CVE-2020-27252

Medtronic MyCareLink Smart Time-of-check Time-of-use Race Condition

CVSS 8.8 HIGHEPSS 3.7%CWE-367
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Medtronic · Smart Model 25000 Patient Reader

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.htmlhttps://us-cert.cisa.gov/ics/advisories/icsma-20-345-01https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01