CVE-2018-14781 MEDIUM

CVE-2018-14781: Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Authentication Bypass by Capture-replay

Vendor Medtronic
Product MMT- 508 - MiniMed pump
Weakness CWE-294
Published August 13, 2018
Last update May 22, 2025

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

Key dates

02Disclosure timeline

August 13, 2018 CVE published
May 22, 2025 Record updated