cbcvebase.
CVE-2020-6964
published 2020-01-24

CVE-2020-6964: In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE…

PriorityP349high8.6CVSS 3.1
AVNACLPRNUINSCCNIHAN
EPSS
1.36%
68.3th percentile
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.

Affected

10 ranges
VendorProductVersion rangeFixed in
gehealthcareapexpro_telemetry_server_firmware<= 4.2
gehealthcarecarescape_central_station_mai700_firmware
gehealthcarecarescape_central_station_mai700_firmware
gehealthcarecarescape_central_station_mas700_firmware
gehealthcarecarescape_central_station_mas700_firmware
gehealthcarecarescape_telemetry_server_mp100r_firmware<= 4.2
gehealthcareclinical_information_center_mp100d_firmware
gehealthcareclinical_information_center_mp100d_firmware
gehealthcareclinical_information_center_mp100r_firmware
gehealthcareclinical_information_center_mp100r_firmware

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.