CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6790

HIGH
7.8
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile8.69th
PublishedMar 25, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.

Affected Platforms (CPE)

📦
Bosch

Video Streaming Gateway

<= 6.45.10

References & Advisories

🔗 https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
🔗 https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Related Vulnerabilities

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...

CVE-2019-69579.8

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 200...

CVE-2017-123187.5

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent ...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...