Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: bosch
Published: 2021-03-24T00:00:00
Updated: 2021-03-25T15:53:57
Reserved: 2020-01-10T00:00:00
Link: CVE-2020-6790
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-25T16:15:13.867
Modified: 2021-03-25T18:16:50.430
Link: CVE-2020-6790
JSON object: View
Redhat Information
No data.
CWE