VAR-201812-0476
Vulnerability from variot - Updated: 2023-12-18 12:00Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. Medtronic CareLink and Encore Programmers are prone to a security weakness that may allow attackers to obtain sensitive information. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carelink 2090 programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "29901 encore programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "carelink 9790 programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "2090 carelink programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "29901 carelink encore programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "9790 carelink programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "97900"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "encore programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "299010"
}
],
"sources": [
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_2090_programmer_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_2090_programmer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_9790_programmer_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_9790_programmer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:29901_encore_programmer_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:29901_encore_programmer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Jonathan Butts from Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "106215"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-18984",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-129598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-18984",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18984",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129598",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. Medtronic CareLink and Encore Programmers are prone to a security weakness that may allow attackers to obtain sensitive information. \nSuccessfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "VULHUB",
"id": "VHN-129598"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18984",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-18-347-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106215",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98836",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129598",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"id": "VAR-201812-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
}
],
"trust": 0.9
},
"last_update_date": "2023-12-18T12:00:50.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-347-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106215"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18984"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18984"
},
{
"trust": 0.3,
"url": "https://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-129598"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106215"
},
{
"date": "2019-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"date": "2018-12-14T15:29:00.700000",
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-129598"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106215"
},
{
"date": "2019-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"date": "2020-09-18T16:54:07.023000",
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "106215"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…