CVE-2020-6787: Uncontrolled Search Path Element in Bosch Video Client installer
First published: Thu Mar 25 2021(Updated: )
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Video Client | <=1.7.6.079 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-6787.
What is the severity of CVE-2020-6787?
The severity of CVE-2020-6787 is high, with a severity score of 7.8.
What is the affected software for CVE-2020-6787?
The affected software for CVE-2020-6787 is Bosch Video Client version up to and including 1.7.6.079.
How does CVE-2020-6787 allow an attacker to execute arbitrary code?
CVE-2020-6787 allows an attacker to execute arbitrary code by tricking the victim into placing a malicious DLL in the same directory as the Bosch Video Client installer.
Is there a fix available for CVE-2020-6787?
Yes, a fix is available for CVE-2020-6787. It is recommended to update to a version of Bosch Video Client that is not affected by this vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/bosch
- canonical/bosch video client
- version/bosch video client/1.7.6.079