Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.
The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 2090_carelink_programmer_firmware | Medtronic | * | * |
Attackers might be able to spoof the intended endpoint from a different system or process, thus gaining the same level of access as the intended endpoint. While this issue frequently involves authentication between network-based clients and servers, other types of communication channels and endpoints can have this weakness.