PT-2020-19310 · GE Healthcare · B450+6
Published 2020-01-24 · Updated 2020-03-17 · CVE-2020-6962
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ApexPro Telemetry Server versions 4.2 and prior
CARESCAPE Telemetry Server versions 4.2 and prior, version 4.3
Clinical Information Center (CIC) versions 4.X and 5.X
CARESCAPE Central Station (CSCS) versions 1.X and 2.X
B450 versions 2.X
B650 versions 1.X and 2.X
B850 versions 1.X and 2.X
Description
An input validation issue exists in the web-based system configuration utility of the affected software. A network attacker who reaches that utility could potentially exploit it to achieve arbitrary remote code execution on the device.
Recommendations
For ApexPro Telemetry Server versions 4.2 and prior, update to a version later than 4.2.
For CARESCAPE Telemetry Server versions 4.2 and prior, update to a version later than 4.3.
For CARESCAPE Telemetry Server version 4.3, apply the necessary patch or update.
For Clinical Information Center (CIC) versions 4.X and 5.X, restrict access to the web-based system configuration utility until a patch is available.
For CARESCAPE Central Station (CSCS) versions 1.X and 2.X, disable the web-based system configuration utility as a temporary workaround.
For B450 versions 2.X, B650 versions 1.X and 2.X, and B850 versions 1.X and 2.X, avoid using the web-based system configuration utility until the issue is resolved.
Fix
RCE
Affected Products
Apexpro Telemetry Server
B450
B650
B850
Carescape Central Station
Carescape Telemetry Server
Clinical Information Center