CVE-2017-14014
low-risk
Published 2018-05-01
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10
Medium
PHYSICAL
/ LOW complexity
Affected Products (1)
Zoom Latitude Prm 3120 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/101510
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01
Third Party Advisory
http://www.securityfocus.com/bid/101510
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01
21
/ 100
low-risk
Severity
16/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal