CVE-2020-27252 (GCVE-0-2020-27252)
Vulnerability from cvelistv5
Published
2020-12-14 19:19
Modified
2025-05-22 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
Medtronic MyCareLink Smart 25000 is
vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Medtronic | Smart Model 25000 Patient Reader |
Version: All versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:36.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Model 25000 Patient Reader",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sternum, based in Tel Aviv, Israel, discovered and initially reported these vulnerabilities to Medtronic."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic MyCareLink Smart 25000 is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Medtronic MyCareLink Smart 25000 is \n\nvulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T19:39:10.747Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html"
},
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA firmware update to eliminates these vulnerabilities has been developed by Medtronic and is available by updating the MyCareLink Smartapp via the associated mobile application store. Upgrading to the latest v5.2 mobile application version will ensure the Patient Reader is also updated on next use. The user\u2019s smart phone must be updated to the following operating system version for the patches to be applied: iOS 10 and above; Android 6.0 and above.\u003c/p\u003e\u003cp\u003eMedtronic has released additional \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003epatient focused information\u003c/a\u003e: \u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/xg-en/product-security/security-bulletins.html\"\u003ehttps://www.medtronic.com/xg-en/product-security/security-bulletins.html \u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "A firmware update to eliminates these vulnerabilities has been developed by Medtronic and is available by updating the MyCareLink Smartapp via the associated mobile application store. Upgrading to the latest v5.2 mobile application version will ensure the Patient Reader is also updated on next use. The user\u2019s smart phone must be updated to the following operating system version for the patches to be applied: iOS 10 and above; Android 6.0 and above.\n\nMedtronic has released additional patient focused information https://www.medtronic.com/security : \n\n https://www.medtronic.com/xg-en/product-security/security-bulletins.html https://www.medtronic.com/xg-en/product-security/security-bulletins.html"
}
],
"source": {
"advisory": "ICSMA-20-345-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink Smart Time-of-check Time-of-use Race Condition",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn response to these vulnerabilities, Medtronic has applied additional controls for monitoring and responding to improper use of the MCL Smart Patient Reader:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMedtronic has implemented enhanced integrity validation (EIV) technology, which provides early detection and real-time mitigation of known vulnerability exploitation attempts.\u003c/li\u003e\u003cli\u003eMedtronic has also implemented advanced detection system technology, which enables device-level logging and monitoring of all device activity and behavior.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic recommends that users take additional defensive measures to minimize risk. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over home monitors.\u003cul\u003e\u003cli\u003eThis includes only using home monitors in private environments such as a home, apartment, or otherwise physically controlled environment.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eUse only home monitors obtained directly from your healthcare provider or a Medtronic representative.\u003c/li\u003e\u003cli\u003ePatients should ensure that the operating system of their mobile phone is updated to the latest version of the available Android or Apple iOS operating system.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eReport any concerning behavior regarding these products to your healthcare provider or a Medtronic representative.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "In response to these vulnerabilities, Medtronic has applied additional controls for monitoring and responding to improper use of the MCL Smart Patient Reader:\n\n * Medtronic has implemented enhanced integrity validation (EIV) technology, which provides early detection and real-time mitigation of known vulnerability exploitation attempts.\n * Medtronic has also implemented advanced detection system technology, which enables device-level logging and monitoring of all device activity and behavior.\n\n\nMedtronic recommends that users take additional defensive measures to minimize risk. Specifically, users should:\n\n * Maintain good physical control over home monitors. * This includes only using home monitors in private environments such as a home, apartment, or otherwise physically controlled environment.\n\n\n\n * Use only home monitors obtained directly from your healthcare provider or a Medtronic representative.\n * Patients should ensure that the operating system of their mobile phone is updated to the latest version of the available Android or Apple iOS operating system.\n\n\nReport any concerning behavior regarding these products to your healthcare provider or a Medtronic representative."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-25183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink Smart 25000 Reader",
"version": {
"version_data": [
{
"version_value": "Smart 25000 all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patient\u2019s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-27252",
"datePublished": "2020-12-14T19:19:00.000Z",
"dateReserved": "2020-10-19T00:00:00.000Z",
"dateUpdated": "2025-05-22T19:39:10.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…