Vulnerabilities > CVE-2020-25187 - Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

medtronic

CWE-787

critical

NVD

Published: 2020-12-14

Updated: 2020-12-15

Summary

Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device.

Vulnerable Configurations

Part	Description	Count
OS	Medtronic Medtronic Mycarelink Smart Model 25000 Firmware *	1
Hardware	Medtronic Medtronic Mycarelink Smart Model 25000 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01