PT-2018-18678 · Medtronic · Medtronic Mycarelink Patient Monitor+2

Published: 2018-07-02 · Updated: 2019-10-09 · CVE-2018-8868

CVSS v3.1: 6.2 (Medium)

Vector: AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Medtronic MyCareLink Patient Monitor (all versions)
Medtronic 24950 MyCareLink Monitor (all versions)
Medtronic 24952 MyCareLink Monitor (all versions)

Description

The issue concerns debug code in the Medtronic MyCareLink Patient Monitor and specific MyCareLink Monitor models, which is meant to test communication interfaces, including those between the monitor and implantable cardiac devices. An attacker with physical access to the device can exploit this debug functionality to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. This can be done by an attacker in close physical proximity to a target implantable cardiac device.

Recommendations

For Medtronic MyCareLink Patient Monitor (all versions), consider disabling the debug functionality until a patch is available.
For Medtronic 24950 MyCareLink Monitor (all versions), restrict access to the debug interface to minimize the risk of exploitation.
For Medtronic 24952 MyCareLink Monitor (all versions), avoid using the debug functionality in environments where implantable cardiac devices are used until the issue is resolved.


Related Identifiers

CVE-2018-8868

Affected Products

Medtronic 24950 Mycarelink Monitor
Medtronic 24952 Mycarelink Monitor
Medtronic Mycarelink Patient Monitor