CVE-2020-6785

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
References () https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html - Vendor Advisory () https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html - Vendor Advisory

Information

Published : 2021-03-25 16:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-6785

Mitre link : CVE-2020-6785

CVE.ORG link : CVE-2020-6785


JSON object : View

Products Affected

bosch

  • video_management_system_viewer
  • divar_ip_all-in-one_5000
  • divar_ip_all-in-one_7000
  • divar_ip_7000_r2
  • video_management_system
CWE
CWE-427

Uncontrolled Search Path Element