Published: 16/06/2021 Updated: 22/06/2021

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

ZOLL Defibrillator Dashboard, v before 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an malicious user to gain access to sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoll defibrillator dashboard

Zoll Defibrillator Dashboard would execute contents of random Excel files ordinary users could import

The Register • Gareth Corfield • 15 Jun 2021

Medical device cybersecurity raises its head in CISA warning

A defibrillator management platform was riddled with vulnerabilities including a remote command execution flaw that could seemingly be invoked by uploading an Excel spreadsheet to the platform. Or so warned the US's Cybersecurity and Infrastructure Security Agency, which said the Defibrillator Dashboard software, made by medical devices firm Zoll, contained six flaws in total, the combined effect of which could present an infosec Swiss cheese for malicious people to exploit. As well as allowing ...

CVE-2021-27481

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect