Main Vulnerability Database Vulnerabilities #VU56992

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38394

Published: October 1, 2021

Vulnerability identifier: #VU56992

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-38394

CWE-ID: CWE-1278

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120

Software vendor:
Boston Scientific

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to missing protection against hardware reverse engineering using integrated circuit (IC) imaging techniques. An attacker with physical access can extract the binary that checks for the hardware key and reverse engineer it and use it to create a physical duplicate of a valid hardware key.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-21-273-01

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38394

Description

Remediation

External links

Please verify you're human