Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
CVE-2020-6785

7.8HIGH

Key Information:

Vendor: Bosch
Status: Bvms; Bvms Viewer; Divar Ip 7000 R2; Divar Ip All-in-one 5000
Vendor: CVE Published:; 24 March 2021

What is CVE-2020-6785?

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

Affected Version(s)

BVMS < 9.0.0

BVMS 10.0 < 10.0.2

BVMS 10.1 < 10.1.1

References

https://psirt.bosch.com/security-advisories/bosch-sa-8355...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2021
Vulnerability Reserved
Jan 10, 2020

CVE-2020-6785 Data

JSON