Prominent defibrillator management tool exposed to remote attacks

High-Risk security flaws found and patched in ZOLL defibrillator management software. Here’s what happened and what was vulnerable.

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released an alert stating that multiple remote code execution vulnerabilities have been identified in software used by ZOLL, a US-based healthcare technology provider.

According to the advisory, the flaws were found in the company’s Defibrillator Dashboard, and an attacker can exploit them to take over the affected system. Reportedly, many high-scoring flaws were present in the software, which is mainly used to manage defibrillator devices, and exploiting them could result in the loss of sensitive data.

Why is the Dashboard Used?

The Defibrillator Dashboard lets medical professionals monitor the fleet of defibrillators. This dashboard is designed to be used in the biomedical engineering departments in a healthcare facility. It streamlines defibrillator management and helps administrators perform real-time monitoring of devices across multiple sites and within the enterprise environment.

About the Vulnerabilities

Around half a dozen vulnerabilities were found in the defibrillator dashboard before version 2.2. One of the vulnerabilities identified by CISA is an unrestricted file upload flaw that received a CVSS score of 9.9.

Another is a cross-site scripting (XSS) bug; there are also an insecure password storage flaw and a privilege escalation issue. The dashboard also uses hard-coded cryptographic keys, which makes one of the flaws more likely to be exploited, as the key can let an attacker recover encrypted data.

“The cryptographic key is within a hard-coded string value that is compared to the password. It is likely that an attacker will be able to read the key and compromise the system,” CISA wrote in the advisory.

Potential Dangers

If a threat actor manages to access the system, they can read sensitive data, because the dashboard stores system data in cleartext and keeps the account ID in a plaintext browser cookie.

This doubles the risk of exposure if the device is compromised. Moreover, even if the device is not compromised, an attacker can copy the cookie remotely by combining this flaw with the cross-site scripting flaw.

Finally, the dashboard doesn’t encrypt data prior to writing it to a buffer, exposing data to unauthorized actors.
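To make the two weakness classes quoted above concrete (a password compared against a hard-coded key, and an account ID carried in a plaintext cookie), here is an added illustration in Python. It is not ZOLL’s code and assumes nothing about how the Dashboard is actually implemented: the insecure functions are constructed stand-ins for the patterns the advisory describes, and the hardened functions show the usual fixes, a per-user salted PBKDF2 hash for password storage and an HMAC-bound cookie whose key lives only on the server. The iteration count and key sizes are assumptions, not values from the page.

```python
import hashlib
import hmac
import os
from typing import Optional

# ---- Insecure patterns of the kind the advisory describes (constructed, not ZOLL's code) ----

# Constructed placeholder: a secret compiled into the application is readable by anyone
# who can obtain a copy of the binary, so it protects nothing once the software ships.
HARDCODED_KEY = "placeholder-hardcoded-key"


def insecure_check_password(supplied: str) -> bool:
    """Compare the supplied password to a hard-coded string: one shared secret for every install."""
    return supplied == HARDCODED_KEY


def insecure_make_cookie(account_id: int) -> str:
    """Put the account ID straight into the cookie: readable by any injected script and trivially forgeable."""
    return f"account_id={account_id}"


# ---- Hardened equivalents ----

PBKDF2_ITERATIONS = 600_000  # assumption: a current recommended cost for PBKDF2-HMAC-SHA256
SALT_LEN = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2 digest. A random per-user salt means no secret is shared between installs."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hash_password(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)


def make_cookie(account_id: int, server_key: bytes) -> str:
    """Bind the account ID to a server-side key with an HMAC so a client cannot alter it unnoticed.

    The key is loaded at runtime from protected storage, never embedded in the binary. The cookie
    should additionally be set with the HttpOnly and Secure attributes so that a script injected via
    XSS cannot read it and it is never sent over cleartext HTTP.
    """
    payload = str(account_id).encode()
    tag = hmac.new(server_key, payload, hashlib.sha256).hexdigest()
    return f"{account_id}.{tag}"


def parse_cookie(cookie: str, server_key: bytes) -> Optional[int]:
    """Return the account ID only if the tag verifies; otherwise None (treat the request as unauthenticated)."""
    account_str, sep, tag = cookie.partition(".")
    if not sep or not account_str.isdigit():
        return None
    expected = hmac.new(server_key, account_str.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return int(account_str)


if __name__ == "__main__":
    server_key = os.urandom(32)  # constructed for the demo; a real deployment loads this from protected storage
    record = hash_password("correct horse battery staple")
    print("password verifies:", verify_password("correct horse battery staple", record))
    cookie = make_cookie(42, server_key)
    tampered = "43." + cookie.split(".")[1]  # same tag, changed account ID
    print("genuine cookie ->", parse_cookie(cookie, server_key), "| tampered cookie ->", parse_cookie(tampered, server_key))
```

The contrast is the point: with the insecure pattern, reading the binary or the cookie is enough, while with the hardened one an attacker who has the cookie still cannot change the account it refers to, and an attacker who has the password database still has to brute-force each salted hash separately.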

A Patch Is Necessary – CISA

According to the advisory, these flaws were reported anonymously to CISA, and ZOLL was contacted to develop necessary patches.

CISA further explained that successful exploitation of these vulnerabilities would allow attackers to carry out remote code execution, gain access to user credentials, and/or compromise the “confidentiality, integrity, and availability of the application.”

As a result, CISA urges relevant administrators to upgrade to the latest version of the software to mitigate the threat.
