CVE-2021-38396

Summary

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.

Affected Software

VendorProductVersion RangeStatus
Boston ScientificZOOM LATITUDEModel 3120affected

Weaknesses

  • CWE-353: CWE-353 Missing Support for Integrity Check

Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

ADP Enrichment

CVE Program Container

Additional References

References