Prominent defibrillator management tool exposed to remote attacks

High-Risk Security Flaws Found and Patched in ZOLL Defibrillator Management Software.


The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released an alert stating that multiple remote code execution vulnerabilities have been identified in software used by ZOLL, a US-based healthcare technology provider.



According to the authorities, the flaws were found in the company’s Defibrillator Dashboard, and an attacker can exploit them to take over the affected system. Reportedly, many high-scoring flaws were present in ZOLL’s software, which is mainly used to manage defibrillator devices, and they could result in the loss of sensitive data.


Why is the Dashboard Used?


The Defibrillator Dashboard lets medical professionals monitor a fleet of defibrillators. It is designed for use in the biomedical engineering department of a healthcare facility. It streamlines defibrillator management and helps administrators monitor devices in real time across multiple sites and within the enterprise environment.

About the Vulnerabilities


Around half a dozen vulnerabilities were found in Defibrillator Dashboard versions before 2.2. One of the vulnerabilities identified by CISA is an unrestricted file upload flaw that received a CVSS score of 9.9.


Another is a cross-site scripting (XSS) bug, and there are also an insecure password storage flaw and a privilege escalation issue. The dashboard uses hard-coded cryptographic keys, which increased the likelihood of exploiting one of the flaws as it ..
