CVE-2018-18984

{"id": "CVE-2018-18984", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2018-12-14T15:29:00.700", "references": [{"url": "http://www.securityfocus.com/bid/106215", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/106215", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI."}, {"lang": "es", "value": "Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, en todas las versiones. Los productos afectados no cifran, o no cifran lo suficiente la siguiente informaci\u00f3n sensible PII y PHI cuando est\u00e1 en reposo."}], "lastModified": "2024-11-21T03:56:59.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:carelink_2090_programmer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E80013FE-B9BD-456F-85D3-41C5532AD948"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:carelink_2090_programmer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DAB7778-4921-4953-ACAA-ADE2DD773B0D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:carelink_9790_programmer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74F4132F-F114-4F2D-9ED8-1A6025F3CBF0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:carelink_9790_programmer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97833F56-AD06-42B5-96CF-39551807EDAA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:29901_encore_programmer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D51AA0-C5D7-472E-A95F-5087BAA30B08"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:29901_encore_programmer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A94C34F-2334-40CF-867E-F1FD884F46BE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}