How severe is CVE-2019-6538?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-6538?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2019-6538

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-284

View all →

Vulnerability Description

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.

CVE-2011-1762

MEDIUM

CVSS:6.5(Medium)

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post...

CWE-2842011

CVE-2012-4379

MEDIUM

CVSS:6.5(Medium)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in...

CWE-2842012

CVE-2014-1398

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statist...

CWE-2842014

CVE-2014-1399

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspec...

CWE-2842014

CVE-2014-1400

MEDIUM

CVSS:6.5(Medium)

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspeci...

CWE-2842014

CVE-2014-3519

MEDIUM

CVSS:6.5(Medium)

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capa...

CWE-2842014

CVE-2019-6538

Vulnerability Description

Related Vulnerabilities

CVE-2011-1762

CVE-2012-4379

CVE-2014-1398

CVE-2014-1399

CVE-2014-1400

CVE-2014-3519