Sign-up

ID

VAR-201812-0476


CVE

CVE-2018-18984


TITLE

plural Medtronic Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014352

DESCRIPTION

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device

Trust: 1.98

sources: NVD: CVE-2018-18984 // JVNDB: JVNDB-2018-014352 // BID: 106215 // VULHUB: VHN-129598

AFFECTED PRODUCTS

vendor:medtronicmodel:carelink 9790 programmerscope:eqversion:*

Trust: 1.0

vendor:medtronicmodel:29901 encore programmerscope:eqversion:*

Trust: 1.0

vendor:medtronicmodel:carelink 2090 programmerscope:eqversion:*

Trust: 1.0

vendor:medtronicmodel:2090 carelink programmerscope: - version: -

Trust: 0.8

vendor:medtronicmodel:29901 carelink encore programmerscope: - version: -

Trust: 0.8

vendor:medtronicmodel:9790 carelink programmerscope: - version: -

Trust: 0.8

vendor:medtronicmodel:carelink programmerscope:eqversion:97900

Trust: 0.3

vendor:medtronicmodel:carelink programmerscope:eqversion:20900

Trust: 0.3

vendor:medtronicmodel:encore programmerscope:eqversion:299010

Trust: 0.3

sources: BID: 106215 // JVNDB: JVNDB-2018-014352 // NVD: CVE-2018-18984

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18984
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2018-18984
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-18984
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201812-661
value: MEDIUM

Trust: 0.6

VULHUB: VHN-129598
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-18984
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-129598
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18984
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2018-18984
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-129598 // JVNDB: JVNDB-2018-014352 // CNNVD: CNNVD-201812-661 // NVD: CVE-2018-18984 // NVD: CVE-2018-18984

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-129598 // JVNDB: JVNDB-2018-014352 // NVD: CVE-2018-18984

THREAT TYPE

local

Trust: 0.3

sources: BID: 106215

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-661

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014352

PATCH
title:Top Pageurl:https://www.medtronicdiabetes.com/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-014352

EXTERNAL IDS
db:NVDid:CVE-2018-18984
Trust: 2.8
db:ICS CERTid:ICSMA-18-347-01
Trust: 2.8
db:BIDid:106215
Trust: 2.0
db:JVNDBid:JVNDB-2018-014352
Trust: 0.8
db:CNNVDid:CNNVD-201812-661
Trust: 0.7
db:SEEBUGid:SSVID-98836
Trust: 0.1
db:VULHUBid:VHN-129598
Trust: 0.1
sources:
            
            
            VULHUB: VHN-129598 // 
            
            
            
            BID: 106215 // 
            
            
            
            JVNDB: JVNDB-2018-014352 // 
            
            
            
            CNNVD: CNNVD-201812-661 // 
            
            
            
            NVD: CVE-2018-18984

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-347-01
Trust: 2.8
url:http://www.securityfocus.com/bid/106215
Trust: 1.7
url:https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-9790-2090-29901.html
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18984
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-18984
Trust: 0.8
url:https://www.medtronic.com/us-en/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-129598 // 
            
            
            
            BID: 106215 // 
            
            
            
            JVNDB: JVNDB-2018-014352 // 
            
            
            
            CNNVD: CNNVD-201812-661 // 
            
            
            
            NVD: CVE-2018-18984

CREDITS
Billy Rios and Jonathan Butts from Whitescope LLC
Trust: 0.3
sources:
            
            
            BID: 106215

SOURCES
db:VULHUBid:VHN-129598
db:BIDid:106215
db:JVNDBid:JVNDB-2018-014352
db:CNNVDid:CNNVD-201812-661
db:NVDid:CVE-2018-18984

LAST UPDATE DATE
2025-05-23T23:28:18.714000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-129598date:2020-09-18T00:00:00
db:BIDid:106215date:2018-12-13T00:00:00
db:JVNDBid:JVNDB-2018-014352date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201812-661date:2020-10-22T00:00:00
db:NVDid:CVE-2018-18984date:2025-05-22T17:15:22.570

SOURCES RELEASE DATE
db:VULHUBid:VHN-129598date:2018-12-14T00:00:00
db:BIDid:106215date:2018-12-13T00:00:00
db:JVNDBid:JVNDB-2018-014352date:2019-03-18T00:00:00
db:CNNVDid:CNNVD-201812-661date:2018-12-14T00:00:00
db:NVDid:CVE-2018-18984date:2018-12-14T15:29:00.700