Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38394

 

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38394

Published: October 1, 2021


Vulnerability identifier: #VU56992
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38394
CWE-ID: CWE-1278
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Boston Scientific
Affected software:
ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to missing protection against hardware reverse engineering using integrated circuit (IC) imaging techniques. An attacker with physical access can extract the binary that checks for the hardware key and reverse engineer it and use it to create a physical duplicate of a valid hardware key.


How to mitigate CVE-2021-38394

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources