CVE-2020-6964
published 2020-01-24CVE-2020-6964: In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE…
PriorityP349high8.6CVSS 3.1
AVNACLPRNUINSCCNIHAN
EPSS
1.36%
68.3th percentile
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gehealthcare | apexpro_telemetry_server_firmware | <= 4.2 | — |
| gehealthcare | carescape_central_station_mai700_firmware | — | — |
| gehealthcare | carescape_central_station_mai700_firmware | — | — |
| gehealthcare | carescape_central_station_mas700_firmware | — | — |
| gehealthcare | carescape_central_station_mas700_firmware | — | — |
| gehealthcare | carescape_telemetry_server_mp100r_firmware | <= 4.2 | — |
| gehealthcare | clinical_information_center_mp100d_firmware | — | — |
| gehealthcare | clinical_information_center_mp100d_firmware | — | — |
| gehealthcare | clinical_information_center_mp100r_firmware | — | — |
| gehealthcare | clinical_information_center_mp100r_firmware | — | — |
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-01-24
Published