CVE-2021-38394

Summary

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.

Affected Software

VendorProductVersion RangeStatus
Boston ScientificZOOM LATITUDEModel 3120affected

Weaknesses

  • CWE-1278: CWE-1278

Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

ADP Enrichment

CVE Program Container

Additional References

References