var-201805-0937
Vulnerability from variot
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N'Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N'Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n\\\u0027vision 8840",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "n\\\u0027vision 8870",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "8840 n\u2019vision clinician programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "8870 n\u2019vision removable application card",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8870"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8840"
},
{
"model": "n??vision application card",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88700"
},
{
"model": "n??vision clinician programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88400"
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8870*"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8840*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8840_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios of Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "104213"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8849",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-10004",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-138881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-8849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8849",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8849",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138881",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer 8840 N\u0027Vision Clinician Programmer, all versions, and 8870 N\u0027Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. The Medtronic N\u0027Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N\u0027Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N\u0027Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8849",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-137-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104213",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EFAD9E-39AB-11E9-87B8-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138881",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"id": "VAR-201805-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
]
},
"last_update_date": "2024-11-23T21:53:08.393000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N\u2019Vision 8840 Physician Programmer",
"trust": 0.8,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-137-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104213"
},
{
"trust": 1.7,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic-nvision-8840_security-bulletin_final.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8849"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8849"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2018-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"date": "2018-05-18T13:29:00.427000",
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"date": "2024-11-21T04:14:26.837000",
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "104213"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…