CVE-2021-38392 Vulnerability Details

  /     /     /  

CVE-2021-38392 Metadata Quick Info

CVE Published: 04/10/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: icscert | Vendor: Boston Scientific | Product: ZOOM LATITUDE
Status : PUBLISHED

CVE-2021-38392 Description

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.

Metrics

CVSS Version: 3.1 | Base Score: 6.5 MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284 Improper Access Control
Source: Boston Scientific

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-38392 Vulnerability Details