CVE-2021-38400

Summary

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

Affected Software

VendorProductVersion RangeStatus
Boston ScientificZOOM LATITUDEModel 3120affected

Weaknesses

  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort

Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

ADP Enrichment

CVE Program Container

Additional References

References