CVE-2018-10596
Summary
| CVE | CVE-2018-10596 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-03 01:29:00 UTC |
| Updated | 2019-10-09 23:32:00 UTC |
| Description | Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Medtronic | 2090 Carelink Programmer | - | All | All | All |
| Hardware | Medtronic | 2090 Carelink Programmer | - | All | All | All |
| Operating System | Medtronic | 2090 Carelink Programmer Firmware | All | All | All | All |
| Operating System | Medtronic | 2090 Carelink Programmer Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Medtronic 2090 Carelink Programmer Vulnerabilities (Update C) | CISA | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.