Details of VAR-201807-1689

ID

VAR-201807-1689

CVE

CVE-2018-8868

TITLE

24950 MyCareLink Monitor and 24952 MyCareLink Monitor Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007255

DESCRIPTION

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities

Trust: 2.43

sources: NVD: CVE-2018-8868 // JVNDB: JVNDB-2018-007255 // CNVD: CNVD-2018-12411 // IVD: e2f61640-39ab-11e9-a331-000c29342cb1 // VULHUB: VHN-138900

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f61640-39ab-11e9-a331-000c29342cb1 // CNVD: CNVD-2018-12411

AFFECTED PRODUCTS

vendor:	medtronic	model:	24950 mycarelink monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	24952 mycarelink monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	24950 mycarelink monitor	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	24952 mycarelink monitor	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	mycarelink patient monitor	scope:	eq	version:	24950	Trust: 0.6
vendor:	medtronic	model:	mycarelink patient monitor	scope:	eq	version:	24952	Trust: 0.6
vendor:	24950 mycarelink monitor	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	24952 mycarelink monitor	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f61640-39ab-11e9-a331-000c29342cb1 // CNVD: CNVD-2018-12411 // JVNDB: JVNDB-2018-007255 // CNNVD: CNNVD-201807-182 // NVD: CVE-2018-8868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8868
value:	MEDIUM
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2018-8868
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-8868
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-12411
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201807-182
value:	MEDIUM
Trust: 0.6
IVD:	e2f61640-39ab-11e9-a331-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-138900
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-8868
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12411
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f61640-39ab-11e9-a331-000c29342cb1
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138900
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8868
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2018-8868
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
attackVector:	PHYSICAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.4
impactScore:	5.3
version:	3.1
Trust: 1.0

sources: IVD: e2f61640-39ab-11e9-a331-000c29342cb1 // CNVD: CNVD-2018-12411 // VULHUB: VHN-138900 // JVNDB: JVNDB-2018-007255 // CNNVD: CNNVD-201807-182 // NVD: CVE-2018-8868 // NVD: CVE-2018-8868

PROBLEMTYPE DATA

problemtype:	CWE-749	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-138900 // JVNDB: JVNDB-2018-007255 // NVD: CVE-2018-8868

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-182

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007255

PATCH

title:

MyCareLink Patient Monitor

url:

https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-007255

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8868	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-179-01	Trust: 3.1
db:	CNNVD	id:	CNNVD-201807-182	Trust: 0.9
db:	CNVD	id:	CNVD-2018-12411	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007255	Trust: 0.8
db:	IVD	id:	E2F61640-39AB-11E9-A331-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-138900	Trust: 0.1

sources: IVD: e2f61640-39ab-11e9-a331-000c29342cb1 // CNVD: CNVD-2018-12411 // VULHUB: VHN-138900 // JVNDB: JVNDB-2018-007255 // CNNVD: CNNVD-201807-182 // NVD: CVE-2018-8868

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-179-01	Trust: 3.1
url:	https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8868	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8868	Trust: 0.8

sources: CNVD: CNVD-2018-12411 // VULHUB: VHN-138900 // JVNDB: JVNDB-2018-007255 // CNNVD: CNNVD-201807-182 // NVD: CVE-2018-8868

SOURCES

db:	IVD	id:	e2f61640-39ab-11e9-a331-000c29342cb1
db:	CNVD	id:	CNVD-2018-12411
db:	VULHUB	id:	VHN-138900
db:	JVNDB	id:	JVNDB-2018-007255
db:	CNNVD	id:	CNNVD-201807-182
db:	NVD	id:	CVE-2018-8868

LAST UPDATE DATE

2025-05-23T23:00:43.436000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12411	date:	2018-07-02T00:00:00
db:	VULHUB	id:	VHN-138900	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-007255	date:	2018-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-182	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8868	date:	2025-05-22T19:15:22.013

SOURCES RELEASE DATE

db:	IVD	id:	e2f61640-39ab-11e9-a331-000c29342cb1	date:	2018-07-02T00:00:00
db:	CNVD	id:	CNVD-2018-12411	date:	2018-07-02T00:00:00
db:	VULHUB	id:	VHN-138900	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007255	date:	2018-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-182	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-8868	date:	2018-07-03T01:29:01.877