CVE-2018-8849 MEDIUM

CVE-2018-8849: Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Vendor Medtronic
Product N'Vision Clinician Programmer
Weakness CWE-311 · Missing encryption
Published May 18, 2018
Last update June 27, 2025

CVSS base score

4.6/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.

Key dates

02Disclosure timeline

May 18, 2018 CVE published
June 27, 2025 Record updated