Description

Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from.

Related CPE's

a

bosch

video_streaming_gateway

Vulnerable

References

https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Vendor Advisory

https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-427

[email protected]

Primary
CWE-427

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-03-25T15:15:13.867Z

5 years ago

Last modified

2024-11-21T04:36:11.420Z

1 year ago