CVE-2021-38394 MEDIUM

CVE-2021-38394: Missing Protection against Hardware Reverse Engineering Using Integrated Circuit Imaging Techniques for Boston Scientific Zoom Latitude

Vendor Boston Scientific
Product ZOOM LATITUDE
Weakness CWE-1278
Published October 4, 2021
Last update September 16, 2024

CVSS base score

6.2/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.

Key dates

02Disclosure timeline

October 4, 2021 CVE published
September 16, 2024 Record updated