CVE-2018-10626
3.8 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:S/C:P/I:P/A:N
4.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.6%
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
Affected configurations
CNA Affected
[
{
"product": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]Related
3.8 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:M/Au:S/C:P/I:P/A:N
4.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
4.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.6%