Use of Hard-coded Password

CVE-2018-8870

Medium

6.4/10

Summary

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Attack Complexity: HIGH
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-259 - Use of Hard-coded Password

The software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References

Advisory Timeline

Published Jul 03, 2018

Use of Hard-coded Password

CVE-2018-8870

Summary

CWE-259 - Use of Hard-coded Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS