Published: 16/06/2021 Updated: 22/06/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

ZOLL Defibrillator Dashboard, v before 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an malicious user to remotely execute arbitrary commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zoll defibrillator dashboard

Zoll Defibrillator Dashboard would execute contents of random Excel files ordinary users could import

The Register • Gareth Corfield • 15 Jun 2021

Medical device cybersecurity raises its head in CISA warning

A defibrillator management platform was riddled with vulnerabilities including a remote command execution flaw that could seemingly be invoked by uploading an Excel spreadsheet to the platform. Or so warned the US's Cybersecurity and Infrastructure Security Agency, which said the Defibrillator Dashboard software, made by medical devices firm Zoll, contained six flaws in total, the combined effect of which could present an infosec Swiss cheese for malicious people to exploit. As well as allowing ...

CVE-2021-27489

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect