Details of VAR-201808-0175

ID

VAR-201808-0175

CVE

CVE-2018-10634

TITLE

plural Medtronic Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009686

DESCRIPTION

Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. plural Medtronic The product contains an information disclosure vulnerability.Information may be obtained. MedtronicMMT-508MiniMedinsulinpump and other are different types of insulin pumps from Medtronic Corporation of the United States. An information disclosure vulnerability exists in several Medtronic products that originated in the form of clear text communication between pump and wireless accessories. Multiple Medtronic Isulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability

Trust: 2.52

sources: NVD: CVE-2018-10634 // JVNDB: JVNDB-2018-009686 // CNVD: CNVD-2018-18137 // BID: 105044 // VULHUB: VHN-120413

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-18137

AFFECTED PRODUCTS

vendor:	medtronic	model:	minimed 530g	scope:	-	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed 530g mmt-551	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm real-time mmt-722	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm revel mmt-523k	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed 530g mmt-751	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm 508 insulin pump	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm revel mmt-523	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm revel mmt-723k	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm revel mmt-723	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed paradigm real-time mmt-522	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	minimed 508 insulin pump	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm real-time 522 insulin pump	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm real-time 722 insulin pump	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm revel 523	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm revel 523k	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm revel 723	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	minimed paradigm revel 723k	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	mmt mmt minimed 530g	scope:	eq	version:	-551/-751	Trust: 0.6
vendor:	medtronic	model:	mmt 523k mmt 723k paradigm revel	scope:	eq	version:	-/-	Trust: 0.6
vendor:	medtronic	model:	mmt mmt paradigm revel	scope:	eq	version:	-523/-723	Trust: 0.6
vendor:	medtronic	model:	mmt mmt paradigm real-time	scope:	eq	version:	-522/-722	Trust: 0.6
vendor:	medtronic	model:	mmt minimed insulin pump	scope:	eq	version:	-508	Trust: 0.6
vendor:	medtronic	model:	mmt mmt minimed 530g	scope:	eq	version:	-551/-7510	Trust: 0.3
vendor:	medtronic	model:	mmt 523k mmt 723k paradigm revel	scope:	eq	version:	-/-0	Trust: 0.3
vendor:	medtronic	model:	mmt mmt paradigm revel	scope:	eq	version:	-523/-7230	Trust: 0.3
vendor:	medtronic	model:	mmt mmt paradigm real-time	scope:	eq	version:	-522/-7220	Trust: 0.3
vendor:	medtronic	model:	mmt minimed insulin pump	scope:	eq	version:	-5080	Trust: 0.3

sources: CNVD: CNVD-2018-18137 // BID: 105044 // JVNDB: JVNDB-2018-009686 // CNNVD: CNNVD-201808-306 // NVD: CVE-2018-10634

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10634
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-10634
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-18137
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201808-306
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-120413
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-10634
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-18137
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-120413
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-10634
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-18137 // VULHUB: VHN-120413 // JVNDB: JVNDB-2018-009686 // CNNVD: CNNVD-201808-306 // NVD: CVE-2018-10634

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-120413 // JVNDB: JVNDB-2018-009686 // NVD: CVE-2018-10634

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-306

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201808-306

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009686

PATCH

title:

Top Page

url:

https://www.medtronicdiabetes.com/home

Trust: 0.8

sources: JVNDB: JVNDB-2018-009686

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10634	Trust: 3.4
db:	ICS CERT	id:	ICSMA-18-219-02	Trust: 3.4
db:	BID	id:	105044	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-009686	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-306	Trust: 0.7
db:	CNVD	id:	CNVD-2018-18137	Trust: 0.6
db:	VULHUB	id:	VHN-120413	Trust: 0.1

sources: CNVD: CNVD-2018-18137 // VULHUB: VHN-120413 // BID: 105044 // JVNDB: JVNDB-2018-009686 // CNNVD: CNNVD-201808-306 // NVD: CVE-2018-10634

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-219-02	Trust: 3.4
url:	http://www.securityfocus.com/bid/105044	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10634	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10634	Trust: 0.8
url:	http://www.medtronic.com	Trust: 0.3

sources: CNVD: CNVD-2018-18137 // VULHUB: VHN-120413 // BID: 105044 // JVNDB: JVNDB-2018-009686 // CNNVD: CNNVD-201808-306 // NVD: CVE-2018-10634

CREDITS

Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC

Trust: 0.3

sources: BID: 105044

SOURCES

db:	CNVD	id:	CNVD-2018-18137
db:	VULHUB	id:	VHN-120413
db:	BID	id:	105044
db:	JVNDB	id:	JVNDB-2018-009686
db:	CNNVD	id:	CNNVD-201808-306
db:	NVD	id:	CVE-2018-10634

LAST UPDATE DATE

2024-08-14T15:28:49.489000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-18137	date:	2018-09-21T00:00:00
db:	VULHUB	id:	VHN-120413	date:	2019-10-09T00:00:00
db:	BID	id:	105044	date:	2018-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-009686	date:	2018-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201808-306	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-10634	date:	2019-10-09T23:32:58.150

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-18137	date:	2018-09-10T00:00:00
db:	VULHUB	id:	VHN-120413	date:	2018-08-13T00:00:00
db:	BID	id:	105044	date:	2018-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-009686	date:	2018-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201808-306	date:	2018-08-13T00:00:00
db:	NVD	id:	CVE-2018-10634	date:	2018-08-13T21:47:59.040