VAR-201807-1689
Vulnerability from variot - Updated: 2023-12-18 13:19Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"cve": "CVE-2018-8868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12411",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-138900",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8868",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8868",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F61640-39AB-11E9-A331-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138900",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"id": "VAR-201807-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
}
]
},
"last_update_date": "2023-12-18T13:19:01.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8868"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2018-07-03T01:29:01.877000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2019-10-09T23:42:59.550000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…