CVE-2021-38394
6.2
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L
Summary
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Boston Scientific | ZOOM LATITUDE | Model 3120 | affected |
Weaknesses
- CWE-1278: CWE-1278
Workarounds
Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.