exploitDog

CVE-2020-6790

Опубликовано: 25 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.

Ссылки

https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
Vendor Advisory
https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bosch:video_streaming_gateway:*:*:*:*:*:*:*:*

Версия до 6.45.10 (включая)

EPSS

Процентиль: 19%

0.00061

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-427

CWE-427

Связанные уязвимости

GHSA-gwxv-mhq9-mfm8

github

больше 3 лет назад

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.

EPSS

Процентиль: 19%

0.00061

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-427

CWE-427