VAR-202103-0588
Vulnerability from variot - Updated: 2023-12-18 13:27Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. Bosch BVMS is an application system of Bosch Company in Germany. For video management. A security vulnerability exists in Bosch BVMS that could allow an attacker to execute arbitrary code on a victim's system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0588",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video streaming gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "bosch",
"version": "6.45.10"
},
{
"model": "video streaming gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "robert bosch",
"version": "6.45.10 until"
},
{
"model": "video streaming gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "robert bosch",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bosch:video_streaming_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.45.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6790"
}
]
},
"cve": "CVE-2020-6790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-6790",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-184915",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-016361",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6790",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "psirt@bosch.com",
"id": "CVE-2020-6790",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1493",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-184915",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-6790",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim\u0027s system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. Bosch BVMS is an application system of Bosch Company in Germany. For video management. A security vulnerability exists in Bosch BVMS that could allow an attacker to execute arbitrary code on a victim\u0027s system",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "VULMON",
"id": "CVE-2020-6790"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6790",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN37607293",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-184915",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-6790",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"id": "VAR-202103-0588",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-184915"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:27:48.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BOSCH-SA-835563-BT",
"trust": 0.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
},
{
"title": "Bosch Video Streaming Gateway Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=145750"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6790"
},
{
"trust": 0.6,
"url": "https://www.fujixerox.co.jp/company/news/notice/2021/0319_announce.html"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn37607293/index.html"
},
{
"trust": 0.6,
"url": "https://www.fujixerox.com/eng/company/news/notice/2021/0319_announce.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/427.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198833"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-184915"
},
{
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-184915"
},
{
"date": "2021-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"date": "2021-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"date": "2021-03-25T16:15:13.867000",
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"date": "2021-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-184915"
},
{
"date": "2021-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6790"
},
{
"date": "2021-11-26T01:43:00",
"db": "JVNDB",
"id": "JVNDB-2020-016361"
},
{
"date": "2021-03-25T18:16:50.430000",
"db": "NVD",
"id": "CVE-2020-6790"
},
{
"date": "2021-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bosch\u00a0Video\u00a0Streaming\u00a0Gateway\u00a0 Vulnerability in Uncontrolled Search Path Elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1493"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…