CVE-2020-6785 : What You Need to Know

CVE-2020-6785 allows arbitrary code execution in Bosch BVMS and BVMS Viewer versions 10.1.0, 10.0.1, 10.0.0, and 9.0.0. Learn about the impact, affected systems, and mitigation steps.

A vulnerability in Bosch BVMS and BVMS Viewer allows attackers to execute arbitrary code on affected systems.

Understanding CVE-2020-6785

What is CVE-2020-6785?

Bosch BVMS and BVMS Viewer versions 10.1.0, 10.0.1, 10.0.0, and 9.0.0 and older load a DLL through an Uncontrolled Search Path Element, which can enable attackers to execute arbitrary code on victim systems.

The Impact of CVE-2020-6785

This vulnerability has a CVSS base score of 7.8, indicating a high severity level with impacts on confidentiality, integrity, and availability.

Technical Details of CVE-2020-6785

Vulnerability Description

The flaw allows attackers to load a DLL through an Uncontrolled Search Path Element, leading to arbitrary code execution.

Affected Systems and Versions

        BVMS and BVMS Viewer versions 10.1.0, 10.0.1, 10.0.0, and 9.0.0 and older
        Bosch DIVAR IP 7000 R2, DIVAR IP all-in-one 5000, and DIVAR IP all-in-one 7000 with installers and BVMS versions prior to 10.1.1

Exploitation Mechanism

Attackers exploit the uncontrolled search path element to load malicious DLLs and execute arbitrary code.

Mitigation and Prevention

Immediate Steps to Take

        Update BVMS and BVMS Viewer to version 10.1.1 or higher
        Implement strict DLL loading controls
        Monitor system DLL loading behavior
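
The monitoring step above can be run against image-load telemetry. The following added example (not from Bosch or the original page) audits Sysmon Event ID 7 records for DLL loads that fit an uncontrolled search path; the `ExampleVMS` paths, the sample events and the trusted-root list are constructed assumptions.

```python
import ntpath

# Assumption: these roots are writable by administrators only (default ACLs).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TRUSTED_ROOTS = SYSTEM_DIRS + (r"c:\program files", r"c:\program files (x86)")

# Constructed Sysmon Event ID 7 (image load) records. "ExampleVMS" and all
# paths are placeholders, not values from the Bosch advisory.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleVMS\bin\Client.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\ExampleVMS\bin\Client.exe",
     "ImageLoaded": r"C:\Program Files\ExampleVMS\bin\core.dll", "Signed": "true"},
    {"Image": r"C:\Users\op\Downloads\Setup.exe",
     "ImageLoaded": r"C:\Users\op\Downloads\version.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\ExampleVMS\bin\Client.exe",
     "ImageLoaded": r"C:\ProgramData\ExampleVMS\plugins\codec.dll", "Signed": "false"},
]

def _norm(path):
    return ntpath.normpath(path).lower()

def _under(path, roots):
    return any(path.startswith(root + "\\") for root in roots)

def audit_image_loads(events, trusted_roots=TRUSTED_ROOTS):
    """Return (process, dll, reasons) for loads from non-trusted directories."""
    # DLL names this trace also shows resolving from a system directory.
    system_names = {ntpath.basename(_norm(e["ImageLoaded"])) for e in events
                    if _under(_norm(e["ImageLoaded"]), SYSTEM_DIRS)}
    findings = []
    for e in events:
        dll = _norm(e["ImageLoaded"])
        if _under(dll, trusted_roots):
            continue
        reasons = ["directory outside admin-only roots"]
        if ntpath.basename(dll) in system_names:
            reasons.append("shadows a system DLL name")
        if ntpath.dirname(dll) == ntpath.dirname(_norm(e["Image"])):
            reasons.append("resolved beside the executable")
        if e.get("Signed", "false").lower() != "true":
            reasons.append("unsigned")
        findings.append((e["Image"], e["ImageLoaded"], reasons))
    return findings

if __name__ == "__main__":
    for image, dll, reasons in audit_image_loads(SAMPLE_EVENTS):
        print(f"{image} -> {dll}: {', '.join(reasons)}")
```

A load that collects several reasons at once, such as an unsigned DLL with a system DLL's name sitting beside an installer in a user-writable folder, deserves triage first.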

Long-Term Security Practices

        Regularly update and patch software
        Conduct security audits and code reviews

Patching and Updates

Apply security patches provided by Bosch to address the vulnerability.
