ID

VAR-202103-0583


CVE

CVE-2020-6785


TITLE

Bosch BVMS and BVMS Viewer Uncontrolled Search Path Element Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016365

DESCRIPTION

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer and the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. Bosch BVMS and BVMS Viewer contain an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and the system may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-6785 // JVNDB: JVNDB-2020-016365 // VULMON: CVE-2020-6785

AFFECTED PRODUCTS

vendor: bosch, model: video management system viewer, scope: gte, version: 10.1.0

Trust: 1.0

vendor: bosch, model: video management system, scope: lt, version: 10.1.1

Trust: 1.0

vendor: bosch, model: video management system, scope: lt, version: 10.0.2

Trust: 1.0

vendor: bosch, model: video management system viewer, scope: lt, version: 9.0

Trust: 1.0

vendor: bosch, model: video management system viewer, scope: lt, version: 10.0.2

Trust: 1.0

vendor: bosch, model: video management system, scope: gte, version: 10.0

Trust: 1.0

vendor: bosch, model: video management system viewer, scope: lt, version: 10.1.1

Trust: 1.0

vendor: bosch, model: video management system viewer, scope: gte, version: 10.0

Trust: 1.0

vendor: bosch, model: video management system, scope: lt, version: 9.0

Trust: 1.0

vendor: bosch, model: video management system, scope: gte, version: 10.1

Trust: 1.0

vendor: robert bosch, model: video management system, scope: eq, version: 10.0.0

Trust: 0.8

vendor: robert bosch, model: video management system, scope: eq, version: 10.1.0

Trust: 0.8

vendor: robert bosch, model: video management system, scope: eq, version: 10.0.1

Trust: 0.8

vendor: robert bosch, model: video management system, scope: lte, version: 9.0.0 and earlier

Trust: 0.8

vendor: robert bosch, model: bvms viewer, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016365 // NVD: CVE-2020-6785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6785
value: HIGH

Trust: 1.0

psirt@bosch.com: CVE-2020-6785
value: HIGH

Trust: 1.0

NVD: CVE-2020-6785
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1461
value: HIGH

Trust: 0.6

VULMON: CVE-2020-6785
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6785
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-6785
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-016365
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-6785 // JVNDB: JVNDB-2020-016365 // CNNVD: CNNVD-202103-1461 // NVD: CVE-2020-6785 // NVD: CVE-2020-6785

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.0

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016365 // NVD: CVE-2020-6785

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1461

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1461

PATCH

title: BOSCH-SA-835563-BT, url: https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Trust: 0.8

title: Bosch BVMS Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145738

Trust: 0.6

sources: JVNDB: JVNDB-2020-016365 // CNNVD: CNNVD-202103-1461

EXTERNAL IDS

db: NVD, id: CVE-2020-6785

Trust: 2.5

db: JVNDB, id: JVNDB-2020-016365

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1461

Trust: 0.6

db: VULMON, id: CVE-2020-6785

Trust: 0.1

sources: VULMON: CVE-2020-6785 // JVNDB: JVNDB-2020-016365 // CNNVD: CNNVD-202103-1461 // NVD: CVE-2020-6785

REFERENCES

url:https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-6785

Trust: 0.8

url:https://www.telekom.com/resource/blob/621186/3fb50ca7a4a97728be18717ed7b0062c/dl-210308-critical-dos-vulnerability-in-sqlcipher-sql-command-processing-data.pdf

Trust: 0.6

url:https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198843

Trust: 0.1

sources: VULMON: CVE-2020-6785 // JVNDB: JVNDB-2020-016365 // CNNVD: CNNVD-202103-1461 // NVD: CVE-2020-6785

SOURCES

db: VULMON, id: CVE-2020-6785
db: JVNDB, id: JVNDB-2020-016365
db: CNNVD, id: CNNVD-202103-1461
db: NVD, id: CVE-2020-6785

LAST UPDATE DATE

2024-11-23T22:37:03.998000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-6785, date: 2021-03-25T00:00:00
db: JVNDB, id: JVNDB-2020-016365, date: 2021-11-26T02:53:00
db: CNNVD, id: CNNVD-202103-1461, date: 2021-03-30T00:00:00
db: NVD, id: CVE-2020-6785, date: 2024-11-21T05:36:10.873

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-6785, date: 2021-03-25T00:00:00
db: JVNDB, id: JVNDB-2020-016365, date: 2021-11-26T00:00:00
db: CNNVD, id: CNNVD-202103-1461, date: 2021-03-25T00:00:00
db: NVD, id: CVE-2020-6785, date: 2021-03-25T16:15:13.523