Authentication Vulnerability in Medtronic 2090 Carelink Programmer
CVE-2018-5446

5.3MEDIUM

Key Information:

Vendor: Medtronic
Status: 2090 Carelink Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 4 May 2018

What is CVE-2018-5446?

The Medtronic 2090 Carelink Programmer has a significant security issue where sensitive per-product usernames and passwords are stored in a recoverable format. This flaw exposes the credentials to attackers who gain physical access to the device, potentially allowing unauthorized access to the software deployment network. The inherent weaknesses in the credential management practices pose serious risks in healthcare environments, necessitating immediate attention and remediation.

Affected Version(s)

2090 CareLink Programmer All versions

29901 Encore Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2018
Vulnerability Reserved
Jan 12, 2018

JSON