HIGH🇬🇧 English

CVE-2020-6785

CVSS 7.8v3.1pub. 2021-03-25upd. 2024-11-21

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Bosch Divar Ip 7000 R2

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip All In One 5000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip All In One 7000

    HW
    Bosch
    wszystkie wersje
  • Bosch Video Management System

    APP
    Bosch
    < 9.010.0 – 10.0.2 (bez)10.1 – 10.1.1 (bez)
  • Bosch Video Management System Viewer

    APP
    Bosch
    < 9.010.0 – 10.0.2 (bez)10.1.0 – 10.1.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2019-11684CRITICAL9.9ten sam produkt

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitra...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2023-28175HIGH7.1ten sam produkt

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user ...

CVE-2020-6768HIGH8.6ten sam produkt

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauth...

CVE-2020-6767HIGH7.7ten sam produkt

A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authe...