Learn about CVE-2021-33848 affecting Fresenius Kabi's Agilia Connect Infusion System. Find out the impact, technical details, and mitigation steps to take for this cross-site scripting vulnerability.
Fresenius Kabi Agilia Connect Infusion System is vulnerable to reflected cross-site scripting attacks, allowing unauthorized actions that may compromise sensitive information.
Understanding CVE-2021-33848
This vulnerability affects Fresenius Kabi's Vigilant Software Suite (Mastermed Dashboard) versions earlier than 2.0.1.3. It was reported by security researchers to the German Federal Office for Information Security (BSI).
What is CVE-2021-33848?
Fresenius Kabi's Agilia Connect Infusion System is susceptible to reflected cross-site scripting: JavaScript supplied in an HTTP request is reflected into the response and executes in the browser of the user who opens it.
The Impact of CVE-2021-33848
An attacker could exploit this vulnerability to carry out unauthorized activities, including accessing internal data and performing actions within authenticated user sessions.
Technical Details of CVE-2021-33848
This vulnerability has a CVSSv3 base score of 5.4, indicating a medium severity issue with low confidentiality and integrity impacts.
Vulnerability Description
The vulnerability allows attackers to inject JavaScript via GET parameters, potentially leading to information theft and unauthorized actions.
Affected Systems and Versions
Fresenius Kabi's Vigilant Software Suite (Mastermed Dashboard) versions earlier than 2.0.1.3 are impacted by this security flaw.
Exploitation Mechanism
Attackers exploit this issue by placing JavaScript in a GET parameter that the dashboard reflects into its response; a user who opens such a crafted request runs the script within their own authenticated session.
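The reflection pattern described above, its hardened counterpart, and a log check a defender can run are shown in the following added example. It is constructed for this page and is not Mastermed Dashboard code; the `q` parameter, the `/dashboard` path, and the access-log lines are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit, unquote

# Constructed handlers, not the real product's code. The request parameter "q" is assumed.

def render_vulnerable(query_string: str) -> str:
    """Reflects the raw parameter into the page: the pattern behind reflected XSS."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {q}</h1>"

def render_hardened(query_string: str) -> str:
    """Same page, but the untrusted value is HTML-entity encoded before reflection."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"

def hardened_headers() -> dict:
    """Response headers that limit what an injected script could do if encoding is ever missed."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }

# Markers that rarely appear in legitimate dashboard queries; tune for your environment.
SUSPECT_MARKERS = ("<script", "javascript:", "onerror=", "onload=")

def suspicious_requests(access_log: str) -> list:
    """Return access-log lines whose (percent-decoded) query string carries script-like content."""
    hits = []
    for line in access_log.splitlines():
        parts = line.split('"')
        if len(parts) < 2:
            continue
        fields = parts[1].split(" ")          # e.g. GET /dashboard?q=... HTTP/1.1
        if len(fields) < 2:
            continue
        decoded = unquote(urlsplit(fields[1]).query).lower()
        if any(marker in decoded for marker in SUSPECT_MARKERS):
            hits.append(line)
    return hits

# Constructed sample log: one benign lookup and one request carrying a script tag.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2022:10:00:00 +0000] "GET /dashboard?q=pump12 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2022:10:00:01 +0000] "GET /dashboard?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540
"""
```

Running `render_vulnerable` and `render_hardened` on the second log line's query string shows the raw `<script>` tag in the first output and `&lt;script&gt;` in the second.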
Mitigation and Prevention
If you are using affected versions, consider immediate steps to secure your system.
Immediate Steps to Take
CISA recommends minimizing network exposure, isolating control system devices, and using secure remote access methods like VPNs.
Long-Term Security Practices
Update to the latest versions provided by Fresenius Kabi to address the vulnerability and follow best security practices.
Patching and Updates
Fresenius Kabi has released new versions, including Link+ v3.0, VSS v1.0.3, and Agilia Connect Partner v3.3.2, to mitigate the vulnerabilities. Contact Fresenius Kabi for assistance in updating.