Strix
26.1K

CVE-2019-18252

MEDIUMCVSS 4.3/10EPSS 0.46%

Last modified

CVE-2019-18252 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.

Metrics

CVSS 3.1
4.3/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.46%

36.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
BiotronikCardiomessenger Ii-S Gsm Firmware2.20
BiotronikCardiomessenger Ii-S T-Line Firmware2.20

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-18252?
BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.
How severe is CVE-2019-18252?
CVE-2019-18252 has a CVSS score of 4.3/10 (MEDIUM severity). The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.
How do I fix CVE-2019-18252?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-18252?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST