PT-2020-19313 · GE Healthcare · B450+6
Published: 2020-01-24 · Updated: 2020-03-17 · CVE-2020-6965
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ApexPro Telemetry Server versions 4.2 and prior
CARESCAPE Telemetry Server version 4.2 and prior
Clinical Information Center (CIC) versions 4.X and 5.X
CARESCAPE Central Station (CSCS) versions 1.X
B450 version 2.X
B650 versions 1.X and 2.X
B850 versions 1.X and 2.X
Description
A vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files to the system through a crafted update package.
Recommendations
For ApexPro Telemetry Server versions 4.2 and prior, update to a version later than 4.2 to resolve the issue.
For CARESCAPE Telemetry Server version 4.2 and prior, update to a version later than 4.2 to resolve the issue.
For Clinical Information Center (CIC) versions 4.X and 5.X, update to a version outside of the 4.X and 5.X range to resolve the issue.
For CARESCAPE Central Station (CSCS) versions 1.X, update to a version outside of the 1.X range to resolve the issue.
For B450 version 2.X, update to a version outside of the 2.X range to resolve the issue.
For B650 versions 1.X and 2.X, update to a version outside of the 1.X and 2.X range to resolve the issue.
For B850 versions 1.X and 2.X, update to a version outside of the 1.X and 2.X range to resolve the issue.
Fix
Unrestricted File Upload
RCE
Related Identifiers
Affected Products
ApexPro Telemetry Server
B450
B650
B850
CARESCAPE Central Station
CARESCAPE Telemetry Server
Clinical Information Center