CVE-2020-25187 - Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, medtronic, CWE-787, critical

Summary

All versions of Medtronic MyCareLink Smart 25000 are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader and causes a heap overflow in the MCL Smart Reader stack. The heap overflow allows the attacker to remotely execute code on the MCL Smart Reader, which could lead to control of the device.

Vulnerable Configurations

Part      Description  Count
OS        Medtronic    1
Hardware  Medtronic    1

Common Weakness Enumeration (CWE)