CVE-2021-38396

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120:-:*:*:*:*:*:*:*

Information

Published : 2021-10-04 18:15

Updated : 2021-10-13 20:14


NVD link : CVE-2021-38396

Mitre link : CVE-2021-38396


JSON object : View

Products Affected

bostonscientific

  • zoom_latitude_pogrammer\/recorder\/monitor_3120
  • zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware
CWE
CWE-345

Insufficient Verification of Data Authenticity