CVE-2020-25183
HIGHMedtronic MyCareLink Smart Model 25000 Firmware - Authentication Bypass via Bluetooth Communication
Title source: llmDescription
Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass. This vulnerability enables an attacker to use another mobile device or malicious application on the patient’s smartphone to authenticate to the patient’s Medtronic Smart Reader, fooling the device into believing it is communicating with the original Medtronic smart phone application when executed within range of Bluetooth communication.
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
Scores
CVSS v3
8.0
EPSS
0.0079
EPSS Percentile
51.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
medtronic/mycarelink_smart_model_25000_firmware
Published
Dec 14, 2020
Tracked Since
Feb 18, 2026