Weak Encryption Scheme in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Allows Remote Code Execution

Weak Encryption Scheme in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Allows Remote Code Execution

CVE-2020-6966 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network.

Learn more about our Cis Benchmark Audit For Desktop Software.