CVE-2018-10626

Name of the Vulnerable Software and Affected Versions Medtronic MyCareLink Patient Monitor versions 24950 and 24952

Description The issue is related to insufficient data authentication in the Medtronic MyCareLink Patient Monitor. This could allow a remote attacker to upload arbitrary information to the Medtronic CareLink network. An attacker would need to obtain per-product credentials from the monitor and paired implantable cardiac device information to potentially upload invalid data.

Recommendations For Medtronic MyCareLink Patient Monitor versions 24950 and 24952, consider restricting access to the update service until a patch is available. As a temporary workaround, ensure that only authorized personnel have access to per-product credentials and implantable cardiac device information to minimize the risk of exploitation.