Lucene search

BoschCVELIST:CVE-2020-6771

HistoryMar 25, 2021 - 3:48 p.m.

CVE-2020-6771 Uncontrolled Search Path Element in Bosch IP Helper

2021-03-2515:48:28

CWE-427

bosch

www.cve.org

cve-2020-6771

uncontrolled search path

bosch ip helper

arbitrary code execution

dll

application directory.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application.

CNA Affected

[
  {
    "product": "IP Helper",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThanOrEqual": "1.00.0008",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

Related for CVELIST:CVE-2020-6771