CVE-2018-5448

{"id": "CVE-2018-5448", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2018-05-04T18:29:00.570", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system."}, {"lang": "es", "value": "Todas las versiones de Medtronic 2090 Carelink Programmer se han visto afectadas por una vulnerabilidad de salto de directorio en la que la red de despliegue del software del producto podr\u00eda permitir que un atacante lea archivos en el sistema."}], "lastModified": "2024-11-21T04:08:49.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:2090_carelink_programmer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "884B08DC-B6F9-4B34-9679-61C256437DF9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:2090_carelink_programmer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "215ED381-B433-4D05-97AD-4E7287E5820D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}