Data Exposure Vulnerability in Medtronic N'Vision Clinician Programmer
CVE-2018-8849

4.6MEDIUM

Key Information:

Vendor

Medtronic

Status
N'vision Clinician Programmer
8870 N’vision Removable Application Card
Vendor
CVE Published:
18 May 2018

What is CVE-2018-8849?

The Medtronic N'Vision Clinician Programmer 8840 and the 8870 N'Vision removable Application Card are vulnerable as they do not utilize encryption for personally identifiable information (PII) and protected health information (PHI) while stored. This lack of encryption increases the risk of sensitive data exposure, potentially allowing unauthorized access to critical healthcare data.

Affected Version(s)

8870 N’Vision removable Application Card all versions

N'Vision Clinician Programmer all versions

References

http://www.securityfocus.com/bid/104213
vdb-entryx_refsource_BID
https://www.cisa.gov/news-events/ics-medical-advisories/i...
x_refsource_MISC
http://www.medtronic.com/content/dam/medtronic-com/us-en/...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.