CVE-2018-8870

Name of the Vulnerable Software and Affected Versions Medtronic MyCareLink Patient Monitor versions all Medtronic 24950 MyCareLink Monitor versions all Medtronic 24952 MyCareLink Monitor versions all

Description The issue concerns a hard-coded operating system password in the affected devices. An attacker who gains physical access to the device can exploit this by removing the case, connecting to the debug port, and using the password to gain privileged access to the operating system.

Recommendations For Medtronic MyCareLink Patient Monitor, consider restricting physical access to the device to minimize the risk of exploitation. For Medtronic 24950 MyCareLink Monitor, restrict physical access to the device until a fix is available. For Medtronic 24952 MyCareLink Monitor, limit access to the debug port to prevent unauthorized use of the hard-coded password.