VYPR
Unrated severity · NVD Advisory · Published Oct 4, 2021 · Updated Sep 16, 2024

Use of Password Hash with Insufficient Computational Effort for Boston Scientific Zoom Latitude

CVE-2021-38400

Description

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Physical access to Boston Scientific Zoom Latitude Model 3120 allows extraction of the password hash via hard disk drive removal or a specially crafted USB, enabling a brute-force attack.

Vulnerability

An attacker with physical access to Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash (CWE-916). This hash can then be subjected to brute-force reverse engineering to recover the system password. The affected device is not network connected. [1]

Exploitation

The attacker requires physical access to the device. The attack involves either removing the hard disk drive and extracting the password hash, or inserting a specially crafted USB that reads the hash. No network connectivity is needed, and the attack complexity is high due to physical access requirements. [1]

Impact

Successful extraction and brute-forcing of the password hash allows the attacker to obtain the system password. This could lead to unauthorized access to patient protected health information (PHI) and compromise the integrity of the device. The CVSS v3 base score is 6.9, with vector AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L. [1]

Mitigation

The affected component is not updateable, so no firmware patch is available. Mitigation relies on physical security controls to prevent unauthorized access to the device, such as securing the device in a controlled environment and restricting access to authorized personnel. [1]

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1