CVE-2018-10631

Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Description

The Medtronic 8840 N'Vision Clinician Programmer and the 8870 N'Vision removable application card do not encrypt PII and PHI at rest.

Remediation

Workaround:

  • Medtronic has not developed a product update to address the vulnerabilities, but is reinforcing security reminders within this advisory to help reduce the risk associated with the vulnerabilities. The 8870 Therapy Application card stores PHI and PII as part of its normal operating procedure and should be handled, managed and secured in a manner consistent with the applicable laws for patient data privacy. Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, hospitals and clinicians should:

      * Maintain strict physical control of the 8870 application card.
      * Use only legitimately obtained 8870 cards and not cards provided by any third party, as firmware and system updates are provided directly by Medtronic using new 8870 application cards.
      * 8840 Programmers and 8870 Therapy Application compact flash cards are the property of Medtronic and should be returned to Medtronic when no longer in use. If that is not an option, you should securely dispose of them.

    Medtronic has released additional patient-focused information at the following location: https://www.medtronic.com/security

CVSS score: 4.6
Severity: Medium
EPSS: 0.06%
Vendor Advisory: medtronic.com
Affected: Medtronic 8840 N’Vision Clinician Programmer
Affected: Medtronic 8870 N’Vision removable Application Card
Frequently Asked Questions

What is the severity of CVE-2018-10631?
CVE-2018-10631 has been scored as a medium severity vulnerability.
Is CVE-2018-10631 being actively exploited in the wild?
At present, there is no information confirming that CVE-2018-10631 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-10631?
CVE-2018-10631 affects the Medtronic 8840 N’Vision Clinician Programmer and the Medtronic 8870 N’Vision removable Application Card.