CVE-2018-10601 (avalon_fetal/maternal_monitors_fm20_firmware, avalon_fetal/maternal_monitors_fm30_firmware, avalon_fetal/maternal_monitors_fm40_firmware, avalon_fetal/maternal_monitors_fm50_firmware, intellivue_patient_monitors_mp2_firmware, intellivue_patient_monitors_mp30_firmware, intellivue_patient_monitors_mp50_firmware, intellivue_patient_monitors_mp70_firmware, intellivue_patient_monitors_mx100_firmware, intellivue_patient_monitors_mx400_firmware, intellivue_patient_monitors_mx450_firmware, intellivue_patient_monitors_mx500_firmware, intellivue_patient_monitors_mx550_firmware, intellivue_patient_monitors_mx700_firmware, intellivue_patient_monitors_mx800_firmware, intellivue_patient_monitors_np90_firmware, intellivue_patient_monitors_x2_firmware, intellivue_patient_monitors_x3_firmware)

Posted by Cyberthreat Blog | Sep 4, 2020 | CVE Validated | 0 |

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an “echo” service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

About The Author

Cyberthreat Blog

Share This

Share This

About The Author

Cyberthreat Blog

Related Posts

CVE-2008-3535 (debian_linux, linux_kernel, ubuntu_linux)

CVE-2010-1280 (shockwave_player)

CVE-2015-6706 (acrobat, acrobat_dc, acrobat_reader, acrobat_reader_dc)

CVE-2014-1494 (firefox, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, seamonkey, solaris)

Share This

Share This