CVE-2018-5448

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

CVSS v3 4.8 MEDIUM
CVSS v2.0 2.7 LOW

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.7^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:medtronic:2090_carelink_programmer_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:2090_carelink_programmer:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-04 18:29

Updated : 2025-05-22 18:15

NVD link : CVE-2018-5448

Mitre link : CVE-2018-5448

CVE.ORG link : CVE-2018-5448

JSON object : View

Products Affected

medtronic

2090_carelink_programmer_firmware
2090_carelink_programmer

CWE

CWE-23

Relative Path Traversal

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2018-5448", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}], "cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2018-05-04T18:29:00.570", "references": [{"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01", "source": "[email protected]"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-23"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Medtronic 2090 CareLink Programmer\u2019s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system."}, {"lang": "es", "value": "Todas las versiones de Medtronic 2090 Carelink Programmer se han visto afectadas por una vulnerabilidad de salto de directorio en la que la red de despliegue del software del producto podr\u00eda permitir que un atacante lea archivos en el sistema."}], "lastModified": "2025-05-22T18:15:23.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:2090_carelink_programmer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "884B08DC-B6F9-4B34-9679-61C256437DF9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:2090_carelink_programmer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "215ED381-B433-4D05-97AD-4E7287E5820D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}