ID

VAR-201808-0370


CVE

CVE-2018-14781


TITLE

Authentication vulnerabilities in multiple Medtronic products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009527

DESCRIPTION

Medtronic MMT-508 MiniMed insulin pump, 522 / MMT-722 Paradigm REAL-TIME, 523 / MMT-723 Paradigm Revel, 523K / MMT-723K Paradigm Revel, and 551 / MMT-751 MiniMed 530G. The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. Multiple Medtronic products contain authentication vulnerabilities. Information may be tampered with. The Medtronic MMT-508 MiniMed insulin pump and the other listed models are insulin pumps from Medtronic Corporation of the United States. Multiple Medtronic insulin pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. An authorization issue vulnerability exists in several Medtronic products.

Trust: 2.61

sources: NVD: CVE-2018-14781 // JVNDB: JVNDB-2018-009527 // CNVD: CNVD-2018-19605 // BID: 105044 // VULHUB: VHN-124975 // VULMON: CVE-2018-14781

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-19605

AFFECTED PRODUCTS

vendor: medtronic // model: minimed 530g // scope: - // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 551 minimed 530g // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 723 paradigm revel // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 751 minimed 530g // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 523k paradigm revel // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 522 paradigm real-time // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 722 paradigm real-time // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 523 paradigm revel // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 508 minimed insulin pump // scope: eq // version: -

Trust: 1.6

vendor: medtronicdiabetes // model: 723k paradigm revel // scope: eq // version: -

Trust: 1.6

vendor: medtronic // model: minimed paradigm 508 insulin pump // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm real-time 522 insulin pump // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm real-time 722 insulin pump // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm revel 523 // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm revel 523k // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm revel 723 // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: minimed paradigm revel 723k // scope: - // version: -

Trust: 0.8

vendor: medtronic // model: mmt mmt minimed 530g // scope: eq // version: -551/-751

Trust: 0.6

vendor: medtronic // model: mmt 523k mmt 723k paradigm revel // scope: eq // version: -/-

Trust: 0.6

vendor: medtronic // model: mmt mmt paradigm revel // scope: eq // version: -523/-723

Trust: 0.6

vendor: medtronic // model: mmt mmt paradigm real-time // scope: eq // version: -522/-722

Trust: 0.6

vendor: medtronic // model: mmt minimed insulin pump // scope: eq // version: -508

Trust: 0.6

vendor: medtronic // model: mmt mmt minimed 530g // scope: eq // version: -551/-7510

Trust: 0.3

vendor: medtronic // model: mmt 523k mmt 723k paradigm revel // scope: eq // version: -/-0

Trust: 0.3

vendor: medtronic // model: mmt mmt paradigm revel // scope: eq // version: -523/-7230

Trust: 0.3

vendor: medtronic // model: mmt mmt paradigm real-time // scope: eq // version: -522/-7220

Trust: 0.3

vendor: medtronic // model: mmt minimed insulin pump // scope: eq // version: -5080

Trust: 0.3

sources: CNVD: CNVD-2018-19605 // BID: 105044 // JVNDB: JVNDB-2018-009527 // CNNVD: CNNVD-201808-307 // NVD: CVE-2018-14781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14781
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-14781
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-19605
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201808-307
value: MEDIUM

Trust: 0.6

VULHUB: VHN-124975
value: LOW

Trust: 0.1

VULMON: CVE-2018-14781
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-14781
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-19605
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124975
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14781
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-19605 // VULHUB: VHN-124975 // VULMON: CVE-2018-14781 // JVNDB: JVNDB-2018-009527 // CNNVD: CNNVD-201808-307 // NVD: CVE-2018-14781

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-294

Trust: 1.0

sources: VULHUB: VHN-124975 // JVNDB: JVNDB-2018-009527 // NVD: CVE-2018-14781

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201808-307

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201808-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009527

PATCH

title: Top Page // url: https://www.medtronicdiabetes.com/home

Trust: 0.8

sources: JVNDB: JVNDB-2018-009527

EXTERNAL IDS

db: NVD // id: CVE-2018-14781

Trust: 3.5

db: ICS CERT // id: ICSMA-18-219-02

Trust: 3.5

db: BID // id: 105044

Trust: 2.1

db: JVNDB // id: JVNDB-2018-009527

Trust: 0.8

db: CNNVD // id: CNNVD-201808-307

Trust: 0.7

db: CNVD // id: CNVD-2018-19605

Trust: 0.6

db: VULHUB // id: VHN-124975

Trust: 0.1

db: VULMON // id: CVE-2018-14781

Trust: 0.1

sources: CNVD: CNVD-2018-19605 // VULHUB: VHN-124975 // VULMON: CVE-2018-14781 // BID: 105044 // JVNDB: JVNDB-2018-009527 // CNNVD: CNNVD-201808-307 // NVD: CVE-2018-14781

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-18-219-02

Trust: 3.6

url:http://www.securityfocus.com/bid/105044

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14781

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-14781

Trust: 0.8

url:http://www.medtronic.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-19605 // VULHUB: VHN-124975 // VULMON: CVE-2018-14781 // BID: 105044 // JVNDB: JVNDB-2018-009527 // CNNVD: CNNVD-201808-307 // NVD: CVE-2018-14781

CREDITS

Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC

Trust: 0.3

sources: BID: 105044

SOURCES

db: CNVD // id: CNVD-2018-19605
db: VULHUB // id: VHN-124975
db: VULMON // id: CVE-2018-14781
db: BID // id: 105044
db: JVNDB // id: JVNDB-2018-009527
db: CNNVD // id: CNNVD-201808-307
db: NVD // id: CVE-2018-14781

LAST UPDATE DATE

2024-08-14T15:28:49.526000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-19605 // date: 2018-09-21T00:00:00
db: VULHUB // id: VHN-124975 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2018-14781 // date: 2019-10-09T00:00:00
db: BID // id: 105044 // date: 2018-08-07T00:00:00
db: JVNDB // id: JVNDB-2018-009527 // date: 2018-11-21T00:00:00
db: CNNVD // id: CNNVD-201808-307 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-14781 // date: 2019-10-09T23:35:11.500

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-19605 // date: 2018-09-21T00:00:00
db: VULHUB // id: VHN-124975 // date: 2018-08-13T00:00:00
db: VULMON // id: CVE-2018-14781 // date: 2018-08-13T00:00:00
db: BID // id: 105044 // date: 2018-08-07T00:00:00
db: JVNDB // id: JVNDB-2018-009527 // date: 2018-11-21T00:00:00
db: CNNVD // id: CNNVD-201808-307 // date: 2018-08-13T00:00:00
db: NVD // id: CVE-2018-14781 // date: 2018-08-13T21:48:01.227