CVE-2017-14018 — MEDIUM (4.8)

Vulnerability Description

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Ethicon	Endo-Surgery Generator Gen11 Firmware	-
Ethicon	Endo-Surgery Generator Gen11	-

Related Weaknesses (CWE)

CWE-287

References

http://www.securityfocus.com/bid/101978Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/101978Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-14018?

CVE-2017-14018 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used be...

How severe is CVE-2017-14018?

CVE-2017-14018 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14018?

Check the references section above for vendor advisories and patch information. Affected products include: Ethicon Endo-Surgery Generator Gen11 Firmware, Ethicon Endo-Surgery Generator Gen11.