Directory Traversal Vulnerability in Medtronic 2090 Carelink Programmer
CVE-2018-5448

5.7MEDIUM

Key Information:

Vendor: Medtronic
Status: 2090 Carelink Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 4 May 2018

What is CVE-2018-5448?

The Medtronic 2090 Carelink Programmer has a vulnerability that allows for directory traversal, enabling unauthorized access to files within the software deployment network. This flaw poses a significant risk, as it could allow attackers to read sensitive information stored on the system, potentially leading to further exploitation of the device. System administrators are advised to ensure their systems are updated and to implement necessary security measures to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

2090 CareLink Programmer All versions

29901 Encore Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://www.cisa.gov/news-events/ics-medical-advisories/i...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2018
Vulnerability Reserved
Jan 12, 2018

JSON

Medtronic