PT-2020-16000 · Medtronic · Mycarelink Smart Mobile App+2

Published

2020-12-14

Updated

2020-12-15

CVE-2020-25183

CVSS v3.1

8.0

High

Vector

AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Medtronic MyCareLink Smart 25000 all versions

Description The authentication protocol used between the MCL Smart Patient Reader and the MyCareLink Smart mobile app is vulnerable to bypass. This issue allows an attacker to use another mobile device or a malicious app on a smartphone to authenticate to the patient's Smart Reader, making the device believe it is communicating with the actual smartphone application when executed within Bluetooth range.

Recommendations For Medtronic MyCareLink Smart 25000 all versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2020-25183

Affected Products

Mcl Smart Patient Reader

Medtronic Mycarelink Smart 25000

Mycarelink Smart Mobile App

PT-2020-16000 · Medtronic · Mycarelink Smart Mobile App+2

CVE-2020-25183

Weakness Enumeration

Related Identifiers

Affected Products

References · 5