CVE-2022-41627
Summary
| CVE | CVE-2022-41627 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-27 21:15:00 UTC |
| Updated | 2023-11-07 03:52:00 UTC |
| Description | The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG), has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves. |
Risk And Classification
Problem Types: CWE-319
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Alivecor | Kardiamobile | - | All | All | All |
| Hardware | Alivecor | Kardiamobile 6l | - | All | All | All |
| Operating System | Alivecor | Kardiamobile 6l Firmware | - | All | All | All |
| Hardware | Alivecor | Kardiamobile Card | - | All | All | All |
| Operating System | Alivecor | Kardiamobile Card Firmware | - | All | All | All |
| Operating System | Alivecor | Kardiamobile Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| AliveCor KardiaMobile \| CISA | MISC | www.cisa.gov | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.