CVE-2020-6965

CVE-2020-6965

Vendor N/A
Product GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
Weakness CWE-434 · Unrestricted file upload
Published January 24, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package.

Key dates

02Disclosure timeline

January 24, 2020 CVE published
August 4, 2024 Record updated