CVE-2020-6962

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.
Severity
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
gehealthcareapexpro_telemetry_server_firmware
𝑥
≤ 4.2
gehealthcareapexpro_telemetry_server_firmware
4.3
gehealthcarecarescape_b450_monitor_firmware
2.0
gehealthcarecarescape_b650_monitor_firmware
1.0
gehealthcarecarescape_b650_monitor_firmware
2.0
gehealthcarecarescape_b850_monitor_firmware
1.0
gehealthcarecarescape_b850_monitor_firmware
2.0
gehealthcarecarescape_central_station_mai700_firmware
1.0
gehealthcarecarescape_central_station_mai700_firmware
2.0
gehealthcarecarescape_central_station_mas700_firmware
1.0
gehealthcarecarescape_central_station_mas700_firmware
2.0
gehealthcareclinical_information_center_mp100d_firmware
4.0
gehealthcareclinical_information_center_mp100d_firmware
5.0
gehealthcareclinical_information_center_mp100r_firmware
4.0
gehealthcareclinical_information_center_mp100r_firmware
5.0
gehealthcarecarescape_telemetry_server_mp100r_firmware
𝑥
≤ 4.2
gehealthcarecarescape_telemetry_server_mp100r_firmware
4.3
𝑥
= Vulnerable software versions