CVE-2020-6961
CRITICALApexPro Telemetry Server <4.2 - Info Disclosure
Title source: llmDescription
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.
Scores
CVSS v3
10.0
EPSS
0.0019
EPSS Percentile
40.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Classification
CWE
CWE-522
CWE-256
Status
published
Affected Products (9)
gehealthcare/apexpro_telemetry_server_firmware
< 4.2
gehealthcare/carescape_central_station_mai700_firmware
gehealthcare/carescape_central_station_mas700_firmware
gehealthcare/clinical_information_center_mp100d_firmware
gehealthcare/clinical_information_center_mp100d_firmware
gehealthcare/clinical_information_center_mp100r_firmware
gehealthcare/clinical_information_center_mp100r_firmware
gehealthcare/carescape_telemetry_server_mp100r_firmware
< 4.2
gehealthcare/carescape_telemetry_server_mp100r_firmware
Timeline
Published
Jan 24, 2020
Tracked Since
Feb 18, 2026