CVE-2021-38396
6.5
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Summary
The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Boston Scientific | ZOOM LATITUDE | Model 3120 | affected |
Weaknesses
- CWE-353: CWE-353 Missing Support for Integrity Check
Workarounds
Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.