CVE-2021-38400

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120:-:*:*:*:*:*:*:*

History

13 Oct 2021, 17:55

Type Values Removed Values Added
References (MISC) https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 - (MISC) https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : 4.6
v3 : 6.8
CPE cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120:-:*:*:*:*:*:*:*

04 Oct 2021, 18:18

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-04 18:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-38400

Mitre link : CVE-2021-38400

CVE.ORG link : CVE-2021-38400


JSON object : View

Products Affected

bostonscientific

  • zoom_latitude_pogrammer\/recorder\/monitor_3120
  • zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort