CVE-2020-6790 : What You Need to Know
CVE-2020-6790 involves a vulnerability in Bosch Video Streaming Gateway installer up to version 6.45.10, allowing arbitrary code execution. Learn about the impact, affected systems, and mitigation steps.
A vulnerability in the Bosch Video Streaming Gateway installer up to version 6.45.10 could allow an attacker to execute arbitrary code on a victim's system.
Understanding CVE-2020-6790
This CVE involves an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer.
What is CVE-2020-6790?
The vulnerability allows an attacker to execute arbitrary code by tricking a victim into placing a malicious executable in the same directory where the installer is launched.
The Impact of CVE-2020-6790
- CVSS Base Score: 7.8 (High)
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Technical Details of CVE-2020-6790
This section provides more in-depth technical details of the vulnerability.
Vulnerability Description
The flaw arises from calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer.
Affected Systems and Versions
- Affected Product: Video Streaming Gateway
- Vendor: Bosch
- Affected Version: <= 6.45.10 (Custom version)
Exploitation Mechanism
The attacker needs to manipulate the victim into placing a malicious executable in the same directory where the installer is initiated.
Mitigation and Prevention
Protecting systems from CVE-2020-6790 requires immediate actions and long-term security practices.
Immediate Steps to Take
- Avoid running the installer from untrusted directories.
- Regularly update antivirus software to detect malicious executables.
Long-Term Security Practices
- Educate users on safe installation practices.
- Implement file system access controls to restrict executable placement.
Patching and Updates
- Apply patches provided by Bosch to fix the vulnerability.