How severe is CVE-2020-27252?

CVE-2020-27252 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-27252

Name: mycarelink_smart_model_25000
Author: medtronic

8.8HIGH

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R

Опубликовано: 12/14/2020Обновлено: 5/22/2025

Описание

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

ИИ-АнализНа базе ИИ

Затронутые продукты

medtronicmycarelink_smart_model_25000_firmware

medtronicmycarelink_smart_model_25000

Ссылки

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party AdvisoryUS Government Resource