Main Vulnerability Database Vulnerabilities #VU56993

Improper access control in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38392

Published: October 1, 2021

Vulnerability identifier: #VU56993

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-38392

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120

Software vendor:
Boston Scientific

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. An attacker with physical access can gain access to the hard disk drive of the device to change the telemetry region and can use this setting to interrogate or program an implantable device in any region in the world.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-21-273-01

Improper access control in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38392

Description

Remediation

External links

Please verify you're human