CVE-2018-10631 MEDIUM

CVE-2018-10631: Medtronic N'Vision Clinician Programmer Protection Mechanism Failure

Vendor Medtronic
Product 8840 N’Vision Clinician Programmer
Weakness CWE-693
Published July 13, 2018
Last update August 26, 2025

CVSS base score

6.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.

Key dates

02Disclosure timeline

July 13, 2018 CVE published
August 26, 2025 Record updated