CVE-2021-38398
6.5 MEDIUMThe affected device uses off-the-shelf software components that contain unpatched vulnerabilities
Published: 2021-10-04 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
- CWE
- CWE-1329
Affected products
| Vendor | Product |
|---|---|
| bostonscientific | zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware, zoom_latitude_programming_system_model_3120_firmware |
Description
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-38400 — An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially craft... (6.9 MEDIUM)
- CVE-2021-38396 — The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive (6.5 MEDIUM)
- CVE-2021-38394 — An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which cou... (6.2 MEDIUM)
- CVE-2021-38392 — A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemet... (6.5 MEDIUM)
Same CWE
- CVE-2026-48576 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
- CVE-2026-48573 — Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)