PT-2020-19314 · GE Healthcare · ApexPro Telemetry Server and 3 other products

Published: 2020-01-24 · Updated: 2020-03-17 · CVE-2020-6966
CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ApexPro Telemetry Server versions 4.2 and prior
CARESCAPE Telemetry Server versions 4.2 and prior
Clinical Information Center (CIC) versions 4.X and 5.X
CARESCAPE Central Station (CSCS) versions 1.X
Description
The affected products use a weak encryption scheme for remote desktop control. An attacker with network access to the remote desktop control function may be able to break or bypass that encryption and achieve remote code execution on the affected devices. The CVSS vector (AV:N, PR:N, UI:N) means no credentials and no user interaction are required, and the changed scope (S:C) means a compromised device can be used to reach other systems on the clinical network.
Recommendations
The mitigation is the same for all four affected products: remote desktop control must not be reachable by an untrusted party until the vendor replaces the encryption scheme.
ApexPro Telemetry Server versions 4.2 and prior: disable remote desktop control where it is not operationally required.
CARESCAPE Telemetry Server versions 4.2 and prior: where it is required, restrict it to the administrative hosts that need it.
Clinical Information Center (CIC) versions 4.X and 5.X: avoid using remote desktop control in sensitive environments.
CARESCAPE Central Station (CSCS) versions 1.X: limit network access to the devices that use remote desktop control, for example by isolating the clinical device network segment and blocking the function at the network boundary.
At the moment, there is no information about a newer version that contains a fix for this vulnerability. Check the vendor's own notice before relying on a version number as evidence that a device is unaffected.
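The first practical step behind these recommendations is finding which devices fall into the affected ranges. The following triage script is an added example, not code from this advisory or from GE Healthcare: it encodes the four affected-version rules exactly as the advisory states them ("4.2 and prior", "4.X and 5.X", "1.X") and matches them against an asset inventory. The inventory rows, hostnames and the CIC/CSCS alias handling are constructed assumptions for illustration.

```python
"""Triage an asset inventory against the affected-version list of CVE-2020-6966.

Added example, not part of the advisory. The product names and version-range
rules come from the advisory text; hostnames and inventory rows are constructed.
"""
import re
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(v: str) -> Version:
    """Turn a version string such as '4.2.1' into (4, 2, 1).

    Only numeric components are kept, so '4.2-SP1' becomes (4, 2, 1); that is a
    deliberate simplification and a vendor build string may need its own rule.
    """
    parts = re.findall(r"\d+", v)
    if not parts:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in parts)


# Affected ranges as stated in the advisory:
#   "4.2 and prior"  -> major.minor <= 4.2 (so 4.2.x patch levels are included)
#   "4.X and 5.X"    -> major version 4 or 5
#   "1.X"            -> major version 1
AFFECTED: Dict[str, Callable[[Version], bool]] = {
    "apexpro telemetry server": lambda v: v[:2] <= (4, 2),
    "carescape telemetry server": lambda v: v[:2] <= (4, 2),
    "clinical information center": lambda v: v[0] in (4, 5),
    "carescape central station": lambda v: v[0] == 1,
}

# Assumed short names an inventory might use for two of the products.
ALIASES = {
    "cic": "clinical information center",
    "cscs": "carescape central station",
}


def normalize_product(name: str) -> str:
    """Lower-case, collapse whitespace, drop '(CIC)'-style parentheticals, expand aliases."""
    key = re.sub(r"\s+", " ", name.strip().lower())
    key = re.sub(r"\s*\(.*?\)", "", key)
    return ALIASES.get(key, key)


def is_affected(product: str, version: str) -> bool:
    """True if the product/version pair falls inside an advisory-listed range."""
    rule = AFFECTED.get(normalize_product(product))
    if rule is None:
        return False  # product is not named in the advisory
    return rule(parse_version(version))


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that are in an affected range."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("tele-01", "ApexPro Telemetry Server", "4.2"),
    ("tele-02", "ApexPro Telemetry Server", "4.3"),
    ("tele-03", "CARESCAPE Telemetry Server", "3.9.1"),
    ("cic-01", "Clinical Information Center (CIC)", "5.1"),
    ("cic-02", "CIC", "6.0"),
    ("cs-01", "CARESCAPE Central Station", "1.0.3"),
    ("cs-02", "CSCS", "2.0"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in the affected range of CVE-2020-6966")
```

A device that matches here should be treated as a candidate for the mitigations above, and a device that does not match should still be confirmed against the vendor's notice: the advisory lists no fixed version, so "not in range" means only that the advisory does not name it.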

Weakness Enumeration

CWE-326: Inadequate Encryption Strength

Related Identifiers

CVE-2020-6966

Affected Products

ApexPro Telemetry Server
CARESCAPE Central Station
CARESCAPE Telemetry Server
Clinical Information Center