Main Vulnerability Database Vulnerabilities #VU56991

#VU56991 Use of Password Hash With Insufficient Computational Effort in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38400

Published: October 1, 2021

Vulnerability identifier: #VU56991

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-38400

CWE-ID: CWE-916

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120

Software vendor:
Boston Scientific

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to use of password hash with insufficient computational effort. An attacker with physical access can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsma-21-273-01

#VU56991 Use of Password Hash With Insufficient Computational Effort in ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120 - CVE-2021-38400

Description

Remediation

External links

Please verify you're human