How severe is CVE-2020-27252?

CVE-2020-27252 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-27252

Name: mycarelink_smart_model_25000
Author: medtronic

8.8HIGH

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R

发布于: 12/14/2020更新于: 5/22/2025

描述

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

AI分析AI驱动

受影响产品

medtronicmycarelink_smart_model_25000_firmware

medtronicmycarelink_smart_model_25000

参考资料

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party AdvisoryUS Government Resource