PT-2020-16003 · Medtronic · Mcl Smart Reader+1

Christopher Kruegel

Published

2020-12-14

Updated

2020-12-15

CVE-2020-25187

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Medtronic MyCareLink Smart 25000 all versions

Description The issue allows an attacker who gains authentication to run a debug command, which is sent to the reader, causing a heap overflow in the MCL Smart Reader stack. This heap overflow enables the attacker to remotely execute code on the MCL Smart Reader, potentially leading to control of the device.

Recommendations For Medtronic MyCareLink Smart 25000 all versions, as a temporary workaround, consider restricting access to the debug command until a patch is available. Additionally, restrict access to the MCL Smart Reader to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

CVE-2020-25187

Affected Products

Mcl Smart Reader

Medtronic Mycarelink Smart 25000

PT-2020-16003 · Medtronic · Mcl Smart Reader+1

CVE-2020-25187

Weakness Enumeration

Related Identifiers

Affected Products

References · 5