Vulnerability in Medtronic CareLink Programmer Allows Unauthorized Update Manipulation
CVE-2018-10596

8HIGH

Key Information:

Vendor: Medtronic
Status: 2090 Carelink Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 3 July 2018

What is CVE-2018-10596?

The Medtronic 2090 CareLink Programmer is susceptible to a communication manipulation vulnerability. This issue arises because the device establishes a virtual private network (VPN) connection to securely download updates, but it fails to verify its ongoing connection to this VPN before initiating the download process. If an attacker gains local network access to the programmer, they may exploit this flaw to influence the update communications, potentially leading to unauthorized updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

2090 CareLink Programmer All versions

29901 Encore Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2018
Vulnerability Reserved
May 1, 2018

JSON

Medtronic

What is CVE-2018-10596?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.