PT-2021-12592 · Bosch · Bosch Ip Helper

Nir Yehoshua

Published

2021-03-25

Updated

2021-03-25

CVE-2020-6771

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Bosch IP Helper versions prior to 1.00.0008

Description: The issue allows an attacker to execute arbitrary code on a victim's system by loading a DLL through an uncontrolled search path element. This can happen if the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application.

Recommendations: For versions prior to 1.00.0008, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting access to the application directory to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-6771

Affected Products

Bosch Ip Helper

PT-2021-12592 · Bosch · Bosch Ip Helper

CVE-2020-6771

Weakness Enumeration

Related Identifiers

Affected Products

References · 3