Improper Authentication in Smart Model 25000 Patient Reader - CVE-2020-25183

 

Improper Authentication in Smart Model 25000 Patient Reader - CVE-2020-25183

Published: December 14, 2020


Vulnerability identifier: #VU48954
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25183
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Medtronic
Affected software:
Smart Model 25000 Patient Reader

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker on the local network can use another mobile device or malicious application on the patient’s smartphone to bypass authentication process and gain unauthorized access to the application.


How to mitigate CVE-2020-25183

Install updates from vendor's website.

Sources