CVE-2018-8870
Summary
| CVE | CVE-2018-8870 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-03 01:29:00 UTC |
| Updated | 2019-10-09 23:42:00 UTC |
| Description | Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Medtronic | 24950 Mycarelink Monitor | - | All | All | All |
| Hardware | Medtronic | 24950 Mycarelink Monitor | - | All | All | All |
| Operating System | Medtronic | 24950 Mycarelink Monitor Firmware | - | All | All | All |
| Operating System | Medtronic | 24950 Mycarelink Monitor Firmware | - | All | All | All |
| Hardware | Medtronic | 24952 Mycarelink Monitor | - | All | All | All |
| Hardware | Medtronic | 24952 Mycarelink Monitor | - | All | All | All |
| Operating System | Medtronic | 24952 Mycarelink Monitor Firmware | - | All | All | All |
| Operating System | Medtronic | 24952 Mycarelink Monitor Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Medtronic MyCareLink Patient Monitor | CISA | MISC | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.