CVE-2020-6785

HIGH | CVSS 7.8/10 | EPSS 0.33%

CVE-2020-6785 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
0.33%

24.4th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product                          Versions
Bosch    Video Management System          < 9.0
Bosch    Video Management System          >= 10.0, < 10.0.2
Bosch    Video Management System          >= 10.1, < 10.1.1
Bosch    Video Management System Viewer   < 9.0
Bosch    Video Management System Viewer   >= 10.0, < 10.0.2
Bosch    Video Management System Viewer   >= 10.1.0, < 10.1.1

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2020-6785?
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
How severe is CVE-2020-6785?
CVE-2020-6785 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2020-6785?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST