CVE-2021-38400
6.9
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L
Summary
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Boston Scientific | ZOOM LATITUDE | Model 3120 | affected |
Weaknesses
- CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort
Workarounds
Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.