CVE-2021-43355 : What You Need to Know

Discover the impact of CVE-2021-43355 on Fresenius Kabi Vigilant Software Suite. Learn how to mitigate the risk of unauthorized access and prevent exploitation of this security vulnerability.

Fresenius Kabi Agilia Connect Infusion System has a vulnerability in which user input is validated on the client side without authentication by the server, potentially enabling unauthorized access.

Understanding CVE-2021-43355

This CVE concerns a security issue in the Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3.

What is CVE-2021-43355?

Fresenius Kabi's software validates user input on the client side without authenticating it on the server, which could permit unauthorized access by attackers.

The Impact of CVE-2021-43355

With a CVSS base score of 7.3 (High), this vulnerability poses a significant risk as it could allow malicious actors to circumvent controls and gain service privileges.

Technical Details of CVE-2021-43355

This section delves into specific technical aspects of the CVE.

Vulnerability Description

The issue arises from inadequate server authentication, which lets attackers bypass the client-side validation and log in with service privileges.
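The weakness class described above, as an added example that is not taken from Fresenius Kabi's software or from the advisory: a constructed login handler that trusts a client-supplied validation flag, beside one that verifies the credential on the server. The account store, the request fields (`user`, `password`, `client_validated`) and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 hash, computed only on the server."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed account store; the account name and password are sample values.
SALT = os.urandom(16)
ACCOUNTS = {
    "service": {"salt": SALT, "hash": derive("constructed-Passw0rd", SALT), "role": "service"},
}
DENY = {"ok": False, "role": None}


def login_client_trusting(request: dict) -> dict:
    """Weak pattern: the server accepts the client's claim that its check passed."""
    user = request.get("user")
    if request.get("client_validated") is True and user in ACCOUNTS:
        return {"ok": True, "role": ACCOUNTS[user]["role"]}
    return dict(DENY)


def login_server_enforced(request: dict) -> dict:
    """Corrected pattern: client flags are ignored; the server verifies the secret."""
    user, password = request.get("user"), request.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        return dict(DENY)
    account = ACCOUNTS.get(user)
    if account is None:
        return dict(DENY)
    # Constant-time comparison of the derived hash against the stored one.
    if not hmac.compare_digest(derive(password, account["salt"]), account["hash"]):
        return dict(DENY)
    return {"ok": True, "role": account["role"]}  # role comes from server data


if __name__ == "__main__":
    # Constructed requests: one carries only the client-side flag, one a password.
    flag_only = {"user": "service", "client_validated": True}
    with_secret = {"user": "service", "password": "constructed-Passw0rd"}
    for name, req in (("flag only", flag_only), ("with password", with_secret)):
        print(name, login_client_trusting(req), login_server_enforced(req))
```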

Affected Systems and Versions

        Product: Vigilant Software Suite (Mastermed Dashboard)
        Vendor: Fresenius Kabi
        Versions Affected: Less than 2.0.1.3

Exploitation Mechanism

        Attack Vector: Network
        Attack Complexity: Low
        Privileges Required: None
        User Interaction: None

Mitigation and Prevention

Steps to address and prevent exploitation of this vulnerability.

Immediate Steps to Take

        Minimize network exposure for control system devices
        Isolate control system networks behind firewalls
        Use secure methods for remote access like VPNs

Long-Term Security Practices

        Keep software and firmware versions up-to-date
        Conduct regular security audits and assessments

Patching and Updates

        Fresenius Kabi has released updated versions to address the vulnerability
        Contact Fresenius Kabi for guidance on updating to the latest version
