ID

VAR-202103-0588


CVE

CVE-2020-6790


TITLE

Bosch Video Streaming Gateway Uncontrolled Search Path Element Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-016361

DESCRIPTION

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. Bosch BVMS is a video management application system from Bosch, a German company. A security vulnerability exists in Bosch BVMS that could allow an attacker to execute arbitrary code on a victim's system.

Trust: 1.8

sources: NVD: CVE-2020-6790 // JVNDB: JVNDB-2020-016361 // VULHUB: VHN-184915 // VULMON: CVE-2020-6790

AFFECTED PRODUCTS

vendor: bosch, model: video streaming gateway, scope: lte, version: 6.45.10

Trust: 1.0

vendor: robert bosch, model: video streaming gateway, scope: lte, version: 6.45.10 until

Trust: 0.8

vendor: robert bosch, model: video streaming gateway, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-016361 // NVD: CVE-2020-6790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6790
value: HIGH

Trust: 1.0

psirt@bosch.com: CVE-2020-6790
value: HIGH

Trust: 1.0

NVD: CVE-2020-6790
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-1493
value: HIGH

Trust: 0.6

VULHUB: VHN-184915
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-6790
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6790
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-184915
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6790
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2020-016361
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184915 // VULMON: CVE-2020-6790 // JVNDB: JVNDB-2020-016361 // CNNVD: CNNVD-202103-1493 // NVD: CVE-2020-6790 // NVD: CVE-2020-6790

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.1

problemtype: Uncontrolled search path elements (CWE-427) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-184915 // JVNDB: JVNDB-2020-016361 // NVD: CVE-2020-6790

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-1493

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202103-1493

PATCH

title: BOSCH-SA-835563-BT, url: https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Trust: 0.8

title: Bosch Video Streaming Gateway Fixes for code issue vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145750

Trust: 0.6

sources: JVNDB: JVNDB-2020-016361 // CNNVD: CNNVD-202103-1493

EXTERNAL IDS

db: NVD, id: CVE-2020-6790

Trust: 2.6

db: JVNDB, id: JVNDB-2020-016361

Trust: 0.8

db: CNNVD, id: CNNVD-202103-1493

Trust: 0.7

db: JVN, id: JVN37607293

Trust: 0.6

db: VULHUB, id: VHN-184915

Trust: 0.1

db: VULMON, id: CVE-2020-6790

Trust: 0.1

sources: VULHUB: VHN-184915 // VULMON: CVE-2020-6790 // JVNDB: JVNDB-2020-016361 // CNNVD: CNNVD-202103-1493 // NVD: CVE-2020-6790

REFERENCES

url:https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-6790

Trust: 0.8

url:https://www.fujixerox.co.jp/company/news/notice/2021/0319_announce.html

Trust: 0.6

url:https://jvn.jp/en/jp/jvn37607293/index.html

Trust: 0.6

url:https://www.fujixerox.com/eng/company/news/notice/2021/0319_announce.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/198833

Trust: 0.1

sources: VULHUB: VHN-184915 // VULMON: CVE-2020-6790 // JVNDB: JVNDB-2020-016361 // CNNVD: CNNVD-202103-1493 // NVD: CVE-2020-6790

SOURCES

db: VULHUB, id: VHN-184915
db: VULMON, id: CVE-2020-6790
db: JVNDB, id: JVNDB-2020-016361
db: CNNVD, id: CNNVD-202103-1493
db: NVD, id: CVE-2020-6790

LAST UPDATE DATE

2024-11-23T22:25:10.435000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-184915, date: 2021-03-25T00:00:00
db: VULMON, id: CVE-2020-6790, date: 2021-03-25T00:00:00
db: JVNDB, id: JVNDB-2020-016361, date: 2021-11-26T01:43:00
db: CNNVD, id: CNNVD-202103-1493, date: 2021-03-31T00:00:00
db: NVD, id: CVE-2020-6790, date: 2024-11-21T05:36:11.420

SOURCES RELEASE DATE

db: VULHUB, id: VHN-184915, date: 2021-03-25T00:00:00
db: VULMON, id: CVE-2020-6790, date: 2021-03-25T00:00:00
db: JVNDB, id: JVNDB-2020-016361, date: 2021-11-26T00:00:00
db: CNNVD, id: CNNVD-202103-1493, date: 2021-03-25T00:00:00
db: NVD, id: CVE-2020-6790, date: 2021-03-25T16:15:13.867