CVE-2020-6961

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2020-6961
In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files.

10.0 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-20-023-01 Third Party Advisory US Government Resource
https://www3.gehealthcare.com/~/media/downloads/us/support/site-planning/site-readiness/gehc-gateway_project_implementation_guide_pdf.pdf Product
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:gehealthcare:apexpro_telemetry_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:apexpro_telemetry_server:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_central_station_mai700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mai700:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:gehealthcare:carescape_central_station_mas700_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_central_station_mas700:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100d_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100d:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:4.0:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:clinical_information_center_mp100r_firmware:5.0:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:clinical_information_center_mp100r:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:gehealthcare:carescape_telemetry_server_mp100r_firmware:4.3:*:*:*:*:*:*:*
cpe:2.3:h:gehealthcare:carescape_telemetry_server_mp100r:-:*:*:*:*:*:*:*
Information

Published : 2020-01-24 09:15

Updated : 2020-03-17 10:20

NVD link : CVE-2020-6961

Mitre link : CVE-2020-6961

JSON object : View

CWE
CWE-522

Insufficiently Protected Credentials

Advertisement

dedicated server usa
Products Affected

gehealthcare

  • carescape_central_station_mai700_firmware
  • apexpro_telemetry_server_firmware
  • clinical_information_center_mp100r_firmware
  • clinical_information_center_mp100r
  • carescape_telemetry_server_mp100r
  • carescape_central_station_mai700
  • clinical_information_center_mp100d
  • carescape_telemetry_server_mp100r_firmware
  • clinical_information_center_mp100d_firmware
  • carescape_central_station_mas700_firmware
  • carescape_central_station_mas700
  • apexpro_telemetry_server