CVE-2020-25183— Medtronic MyCareLink Smart Model 25000 Patient Reader 授权问题漏洞

Medtronic MyCareLink Smart Improper Authentication

Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass. This vulnerability enables an attacker to use another mobile device or malicious application on the patient’s smartphone to authenticate to the patient’s Medtronic Smart Reader, fooling the device into believing it is communicating with the original Medtronic smart phone application when executed within range of Bluetooth communication.

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

认证机制不恰当

Medtronic MyCareLink Smart Model 25000 Patient Reader 授权问题漏洞

Medtronic MyCareLink Smart Model 25000 Patient Reader是印度Medtronic公司的一个用于医疗行业可与医疗设备进行可视化交互的阅读器。 Medtronic MyCareLink Smart Model 25000 Patient Reader 存在授权问题漏洞，该漏洞可用于绕过MCL Smart Patient Reader和Medtronic MyCareLink Smart移动应用之间的身份验证方法。利用此漏洞，攻击者可以使用患者智能手机上的其他移

N/A

N/A