Weak Encryption Scheme in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Allows Remote Code Execution
CVE-2020-6966 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.
Learn more about our Cis Benchmark Audit For Desktop Software.