Cisco Blogs

Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities

- April 4, 2018 - 0 Comments

Vulnerabilities discovered by Cory Duplantis from Talos


Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks.

We identified a number of vulnerabilities falling into two classes:

  • Four code execution vulnerabilities
  • One denial of service vulnerability.

The first category allows code execution on the medical device through a specially crafted network packet. The second category can cause the vulnerable service to crash. The vulnerabilities can be triggered remotely without authentication.


Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.