Overview
- Description
- Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.2
- Impact score
- 6.4
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronic:2090_carelink_programmer_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "884B08DC-B6F9-4B34-9679-61C256437DF9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronic:2090_carelink_programmer:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "215ED381-B433-4D05-97AD-4E7287E5820D"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]