How severe is CVE-2018-8868?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2018-8868?

This is classified as CWE-749, which is a common weakness in software security.

CVE-2018-8868 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.

Related Vulnerabilities

CVE-2025-43003

MEDIUM

CVSS:6.4(Medium)

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the a...

CWE-7492025

CVE-2019-20923

MEDIUM

CVSS:6.5(Medium)

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to ...

CWE-7492019

CVE-2019-4386

MEDIUM

CVSS:6.5(Medium)

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

CWE-7492019

CVE-2020-17391

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code ...

CWE-7492020

CVE-2024-6863

MEDIUM

CVSS:6.5(Medium)

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwr...

CWE-7492024

CVE-2025-26651

MEDIUM

CVSS:6.5(Medium)

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.

CWE-7492025