CVE-2021-38400 MEDIUM

CVE-2021-38400: Use of Password Hash with Insufficient Computational Effort for Boston Scientific Zoom Latitude

Vendor Boston Scientific
Product ZOOM LATITUDE
Weakness CWE-916
Published October 4, 2021
Last update September 16, 2024

CVSS base score

6.9/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

Key dates

02Disclosure timeline

October 4, 2021 CVE published
September 16, 2024 Record updated