CVE-2018-5448

low-risk

Published 2018-05-04

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

2090 Carelink Programmer Firmware

Affected Vendors

Medtronic

References (3)

https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-...

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01

/ 100

low-risk

Severity 12/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal