CVE-2025-4395

MEDIUM

6.8

Descricao

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

Detalhes CVE

Pontuacao CVSS v3.16.8

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataquePHYSICAL

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado7/24/2025

Ultima modificacao3/27/2026

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-258

Referencias

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01(security@medtronic.com)

https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html(security@medtronic.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.