Improper access control in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38392

 

Improper access control in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38392

Published: October 1, 2021


Vulnerability identifier: #VU56993
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-38392
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Boston Scientific
Affected software:
ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. An attacker with physical access can gain access to the hard disk drive of the device to change the telemetry region and can use this setting to interrogate or program an implantable device in any region in the world.


How to mitigate CVE-2021-38392

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources