PT-2021-12602 · Bosch · Bosch Video Streaming Gateway
Dhiraj Mishra · Published 2021-03-25 · Updated 2021-03-25 · CVE-2020-6790
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Bosch Video Streaming Gateway versions up to and including 6.45.10
Description:
The issue allows an attacker to execute arbitrary code on a victim's system by calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer. This can happen if the victim is tricked into placing a malicious executable in the same directory where the installer is started from.
Recommendations:
For Bosch Video Streaming Gateway versions up to and including 6.45.10, ensure that the installer is run from a secure directory to prevent malicious executables from being executed. As a temporary workaround, consider restricting access to the directory where the installer is run to minimize the risk of exploitation.
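One way to apply this recommendation before launching an installer, as an added example that is not part of the advisory or any Bosch tooling: list other loadable files that sit beside the installer and, if any are found, copy the installer alone into a newly created empty directory. The function names, the extension list and the sample file names are assumptions made for this sketch.

```python
import shutil
import tempfile
from pathlib import Path

# File types Windows can run or load by name. The list is an assumption
# chosen for this example, not taken from the advisory.
LOADABLE = {".exe", ".dll", ".com", ".bat", ".cmd", ".msi"}


def risky_siblings(installer):
    """Return names of other loadable files in the installer's directory."""
    installer = Path(installer).resolve()
    return sorted(
        p.name
        for p in installer.parent.iterdir()
        if p.is_file() and p != installer and p.suffix.lower() in LOADABLE
    )


def stage_installer(installer):
    """Copy the installer alone into a newly created, empty directory."""
    installer = Path(installer).resolve()
    staging = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    staged = staging / installer.name
    shutil.copy2(installer, staged)
    return staged


def preflight(installer):
    """Return (path_to_run, findings).

    If the original directory holds no other loadable files, the installer
    can be run in place. Otherwise it is re-staged and the findings are
    returned so they can be reviewed.
    """
    findings = risky_siblings(installer)
    if not findings:
        return Path(installer).resolve(), findings
    return stage_installer(installer), findings
```

Run the installer from the path that `preflight` returns, and treat any reported sibling files as something to review before deleting or ignoring them.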
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Bosch Video Streaming Gateway