Details of VAR-202103-0582

ID

VAR-202103-0582

CVE

CVE-2020-6771

TITLE

Bosch IP Helper Vulnerability in Uncontrolled Search Path Elements

Trust: 0.8

sources: JVNDB: JVNDB-2020-016366

DESCRIPTION

Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. Bosch IP Helper is an industrial control equipment of Bosch company in Germany. Universal discovery and network configuration tool for all Bosch IP Network Video products

Trust: 2.25

sources: NVD: CVE-2020-6771 // JVNDB: JVNDB-2020-016366 // CNVD: CNVD-2021-27379 // VULMON: CVE-2020-6771

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-27379

AFFECTED PRODUCTS

vendor:	bosch	model:	ip helper	scope:	lte	version:	1.00.0008	Trust: 1.0
vendor:	robert bosch	model:	ip helper	scope:	eq	version:	-	Trust: 0.8
vendor:	robert bosch	model:	ip helper	scope:	lte	version:	1.00.0008 until	Trust: 0.8
vendor:	bosch	model:	ip helper	scope:	lte	version:	<=1.00.0008	Trust: 0.6

sources: CNVD: CNVD-2021-27379 // JVNDB: JVNDB-2020-016366 // NVD: CVE-2020-6771

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-6771
value:	HIGH
Trust: 1.0
psirt@bosch.com:	CVE-2020-6771
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-6771
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-27379
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-1460
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-6771
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-6771
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-27379
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-6771
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-016366
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-27379 // VULMON: CVE-2020-6771 // JVNDB: JVNDB-2020-016366 // CNNVD: CNNVD-202103-1460 // NVD: CVE-2020-6771 // NVD: CVE-2020-6771

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.0
problemtype:	Uncontrolled search path elements (CWE-427) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-016366 // NVD: CVE-2020-6771

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1460

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1460

PATCH

title:	BOSCH-SA-835563-BT	url:	https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html	Trust: 0.8
title:	Patch for Bosch IP Helper has unspecified vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/257591	Trust: 0.6
title:	Bosch IP Helper Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145737	Trust: 0.6

sources: CNVD: CNVD-2021-27379 // JVNDB: JVNDB-2020-016366 // CNNVD: CNNVD-202103-1460

EXTERNAL IDS

db:	NVD	id:	CVE-2020-6771	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-016366	Trust: 0.8
db:	CNVD	id:	CNVD-2021-27379	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-1460	Trust: 0.6
db:	VULMON	id:	CVE-2020-6771	Trust: 0.1

sources: CNVD: CNVD-2021-27379 // VULMON: CVE-2020-6771 // JVNDB: JVNDB-2020-016366 // CNNVD: CNNVD-202103-1460 // NVD: CVE-2020-6771

REFERENCES

url:	https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6771	Trust: 1.4
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1942097	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/427.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/198844	Trust: 0.1

sources: CNVD: CNVD-2021-27379 // VULMON: CVE-2020-6771 // JVNDB: JVNDB-2020-016366 // CNNVD: CNNVD-202103-1460 // NVD: CVE-2020-6771

SOURCES

db:	CNVD	id:	CNVD-2021-27379
db:	VULMON	id:	CVE-2020-6771
db:	JVNDB	id:	JVNDB-2020-016366
db:	CNNVD	id:	CNNVD-202103-1460
db:	NVD	id:	CVE-2020-6771

LAST UPDATE DATE

2024-11-23T23:07:38.564000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-27379	date:	2021-04-19T00:00:00
db:	VULMON	id:	CVE-2020-6771	date:	2021-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-016366	date:	2021-11-26T03:15:00
db:	CNNVD	id:	CNNVD-202103-1460	date:	2021-03-30T00:00:00
db:	NVD	id:	CVE-2020-6771	date:	2024-11-21T05:36:10.057

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-27379	date:	2021-04-12T00:00:00
db:	VULMON	id:	CVE-2020-6771	date:	2021-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-016366	date:	2021-11-26T00:00:00
db:	CNNVD	id:	CNNVD-202103-1460	date:	2021-03-25T00:00:00
db:	NVD	id:	CVE-2020-6771	date:	2021-03-25T16:15:13.413