Arbitrary File Upload Vulnerability in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station

Arbitrary File Upload Vulnerability in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station

CVE-2020-6965 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Learn more about our Cis Benchmark Audit For Server Software.