Directory Traversal Vulnerability in Medtronic 2090 Carelink Programmer
CVE-2018-5448

5.7MEDIUM

Key Information:

Vendor: Medtronic
Status: 2090 Carelink Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 4 May 2018

What is CVE-2018-5448?

The Medtronic 2090 Carelink Programmer has a vulnerability that allows for directory traversal, enabling unauthorized access to files within the software deployment network. This flaw poses a significant risk, as it could allow attackers to read sensitive information stored on the system, potentially leading to further exploitation of the device. System administrators are advised to ensure their systems are updated and to implement necessary security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

2090 CareLink Programmer All versions

29901 Encore Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2018
Vulnerability Reserved
Jan 12, 2018

JSON