Lucene search

[email protected]NVD:CVE-2020-6787

HistoryMar 25, 2021 - 4:15 p.m.

CVE-2020-6787

2021-03-2516:15:13

CWE-427

[email protected]

web.nvd.nist.gov

dll loading

uncontrolled search path

bosch video client

arbitrary code

victim's system

malicious dll

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim’s system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.

Affected configurations

Nvd

Node

boschvideo_clientRange≤1.7.6.079

VendorProductVersionCPE
boschvideo_client*cpe:2.3:a:bosch:video_client:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bosch	video_client	*	cpe:2.3:a:bosch:video_client::::::::

References

psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

Related for NVD:CVE-2020-6787

cvelist1 cve1 prion1