CVE-2020-6787
📋 TL;DR
The Bosch Video Client installer is affected by DLL search-order hijacking: it loads DLLs from the directory it is launched from, so a local attacker who can place a malicious DLL beside the installer gets that DLL executed with the privileges of the user who runs it, typically an administrator. Anyone who runs a vulnerable installer from a directory that other users or earlier downloads may have written to, such as a network share, removable media or the Downloads folder, is at risk. Fixed in version 1.7.6.080.
💻 Affected Systems
- Bosch Video Client (installer), versions before 1.7.6.080
📦 What is this software?
Bosch Video Client is a Windows desktop application from Bosch Security Systems for live viewing and playback of video from Bosch IP cameras and recording devices. The flaw in this CVE lies in the client's installer executable, not in the installed application itself.
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code runs with the rights of whoever launches the installer; since installers are normally run as an administrator, that means full control of the host, with data theft, ransomware deployment or a persistent backdoor as follow-on actions.
Likely Case
Code execution on a single workstation when a user launches the installer from a shared or attacker-reachable directory, giving the attacker that user's access (administrator access if the installer was run elevated) to sensitive files and system configuration, and the ability to install further malware.
If Mitigated
No impact when a fixed installer (1.7.6.080 or later) is used, or when the installer is run from a newly created directory that contains only the installer and that no untrusted user can write to.
🎯 Exploit Status
Exploitation is local only: a malicious DLL must already be in the directory from which the installer is launched (for example a shared folder, removable media or a user's Downloads folder), and a user, typically an administrator, must then run the installer there. There is no remote vector, so the attacker needs either social engineering or an existing foothold with write access to that directory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.6.080 or later
Vendor Advisory: https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html
Restart Required: No
Instructions:
1. Download the latest Bosch Video Client installer from the official Bosch website into a newly created, empty directory.
2. Uninstall the previous version.
3. Run the updated installer from that directory.
4. Verify that the installed version is 1.7.6.080 or higher.
🔧 Temporary Workarounds
Restrict installer execution locations
(Windows) Run the installer only from a freshly created, empty directory that only your own account can write to. Do not run it straight from the Downloads folder, the desktop, a network share or removable media: a DLL already sitting in that directory, including one downloaded earlier without the user noticing, is exactly what the vulnerable installer picks up.
Use application whitelisting
(Windows) Use AppLocker (or an equivalent allow-listing tool) so that executables run only from approved locations such as Program Files, which keeps users from launching the installer out of a profile directory or a share. Note that AppLocker executable rules do not govern DLL loads; blocking the hijacked DLL itself requires the DLL rule collection, which is off by default and should be tested for performance impact before it is enforced.
🧯 If You Can't Patch
- Train users to save installers into a new, empty folder, to check the file's hash against the value the vendor publishes where one is offered, and to confirm that nothing else is in the folder before running it.
- Apply least privilege: standard users should not be able to install software at all, and administrators should perform installs from an administrative workstation rather than from an everyday user profile.
🔍 How to Verify
Check if Vulnerable:
Check the installed version of Bosch Video Client. If it is 1.7.6.079 or earlier, the installer that produced it was vulnerable. Because the flaw is in the installer, also check any installer copies kept on file shares or software-deployment servers, not just installed clients.
Check Version:
Use the About dialog in Bosch Video Client or its entry in Programs and Features; for an installer file, check the file version under Properties > Details.
Verify Fix Applied:
Confirm that the installed version is 1.7.6.080 or later. To confirm the behaviour itself, run the installer in a disposable VM with Process Monitor filtering on the installer process and the "Load Image" operation: a vulnerable installer shows DLL loads from its own directory, a fixed one resolves them from the Windows system directories. Use a harmless test DLL for this, never a real payload.
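Two checks a practitioner would script before running any copy of the installer, as an added example that is not Bosch code: a numeric comparison against the first fixed build named above (string comparison gets four-part versions like 1.7.6.080 wrong), and a listing of DLLs sitting beside the installer, which is what a vulnerable installer would load first. The file names used in the example are constructed; the advisory does not name the DLL(s) the installer searches for.

```python
"""Pre-flight checks before running a Bosch Video Client installer.

Added example, not Bosch code. Two helpers:
  version_is_fixed() compares an installed build against the first fixed
  build named in the advisory (1.7.6.080) numerically, field by field.
  stray_dlls() lists the DLLs sitting beside the installer, which a
  vulnerable installer would load ahead of the Windows system directories.
The file names in __main__ are constructed; the advisory does not name the
DLL(s) the installer searches for.
"""
import re
from pathlib import Path

FIXED_VERSION = "1.7.6.080"


def parse_version(text: str) -> tuple:
    """'1.7.6.080' -> (1, 7, 6, 80). Never compare the raw strings: as text,
    '1.7.6.9' sorts after '1.7.6.080' even though build 9 is the older one."""
    fields = re.findall(r"\d+", text)
    if not fields:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(f) for f in fields)


def version_is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is at or above the fixed build.
    A shorter string such as '1.7.6' compares as older than '1.7.6.080'."""
    return parse_version(installed) >= parse_version(fixed)


def stray_dlls(siblings) -> list:
    """Given the file names in the installer's directory, return every DLL
    found there. For a single-file installer the expected answer is []."""
    return sorted(n for n in siblings if n.lower().endswith(".dll"))


def stray_dlls_on_disk(installer: str) -> list:
    """Same check against the real directory the installer was saved to."""
    folder = Path(installer).resolve().parent
    return stray_dlls(p.name for p in folder.iterdir() if p.is_file())


if __name__ == "__main__":
    # Constructed scenario: the installer sits in Downloads next to a DLL
    # that arrived earlier through the browser.
    listing = ["BoschVideoClient_1.7.6.079.exe", "version.dll", "release-notes.txt"]
    print("installed build fixed:", version_is_fixed("1.7.6.079"))  # False
    print("DLLs beside installer:", stray_dlls(listing))            # ['version.dll']
```

Run `stray_dlls_on_disk(r"C:\path\to\installer.exe")` on the real file before launching it; any non-empty result means the directory is not clean and the installer should be moved to a new, empty folder first.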
📡 Detection & Monitoring
Log Indicators:
- Sysmon Event ID 7 (ImageLoaded) records in which the installer process loads a DLL from its own directory, from a user profile path or from a network share rather than from C:\Windows\System32. Native Windows event logs do not record DLL loads; Sysmon or an EDR is required for this indicator.
- Process Monitor "Load Image" operations for the installer process whose path lies in the directory the installer was started from.
Network Indicators:
- Unusual outbound connections following installer execution from non-standard locations
SIEM Query (pseudo-syntax; Sysmon Event ID 7 carries Image and ImageLoaded, Event ID 11 carries TargetFilename, and neither carries a command line, which is on Event ID 1):
EventID=7 AND Image contains 'Bosch' AND ImageLoaded NOT startswith 'C:\Windows\'
EventID=11 AND TargetFilename endswith '.dll' AND TargetFilename contains '\Downloads\'
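The same detection logic written out against Sysmon Event ID 7 records, as an added example that is not Bosch code and not a vendor rule. The events are constructed samples using Sysmon's own field names; the installer file name, user name and DLL names are assumptions for illustration, and the `is_bosch_installer` heuristic (file name contains "bosch" plus "setup" or "install") is mine, not something the advisory specifies.

```python
"""Detection logic for DLL search-order hijacking of an installer.

Added example, not Bosch code and not a vendor detection rule. It scans
Sysmon Event ID 7 (ImageLoaded) records, represented as dicts with the
event's own field names, and flags a Bosch installer that loads a DLL from
the directory it was launched from, which is the CVE-2020-6787 pattern. The
events below are constructed samples, not real telemetry.
"""
import ntpath

# Locations the Windows loader is expected to resolve system DLLs from.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\winsxs\\")


def is_bosch_installer(image: str) -> bool:
    """Process image name looks like a Bosch setup executable (assumption:
    the file name contains 'bosch' and 'setup' or 'install')."""
    name = ntpath.basename(image).lower()
    return "bosch" in name and ("setup" in name or "install" in name)


def suspicious_loads(events):
    """Return (Image, ImageLoaded, reason) for each Sysmon EID 7 event in
    which a Bosch installer loads a DLL from its own directory, or an
    unsigned DLL from outside the Windows system directories."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7 or not is_bosch_installer(ev["Image"]):
            continue
        image_dir = ntpath.dirname(ev["Image"]).lower() + "\\"
        loaded = ev["ImageLoaded"]
        loaded_dir = ntpath.dirname(loaded).lower() + "\\"
        if loaded_dir == image_dir:
            hits.append((ev["Image"], loaded,
                         "DLL loaded from the installer's own directory"))
        elif (not loaded_dir.startswith(SYSTEM_DIRS)
              and ev.get("SignatureStatus") != "Valid"):
            hits.append((ev["Image"], loaded,
                         "unsigned DLL loaded outside the system directories"))
    return hits


INSTALLER = "C:\\Users\\alice\\Downloads\\BoschVideoClient_Setup.exe"  # assumed name

# Constructed Sysmon records (field names as Sysmon emits them).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": INSTALLER,
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": 7, "Image": INSTALLER,
     "ImageLoaded": "C:\\Users\\alice\\Downloads\\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 7, "Image": INSTALLER,
     "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\nsq3F2.tmp\\System.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"EventID": 11, "Image": INSTALLER,  # FileCreate, not an image load
     "TargetFilename": "C:\\Users\\alice\\Downloads\\version.dll"},
    {"EventID": 7, "Image": "C:\\Program Files\\Notepad++\\notepad++.exe",
     "ImageLoaded": "C:\\Program Files\\Notepad++\\SciLexer.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for image, loaded, reason in suspicious_loads(SAMPLE_EVENTS):
        print(f"{reason}: {ntpath.basename(image)} -> {loaded}")
```

The first rule (a load from the installer's own directory) is the CVE pattern and is low-noise for a single-file installer. The second rule is a tuning knob: some installer frameworks extract helper DLLs into a %TEMP% subdirectory and will match it, so either allow-list that extraction path or drop the rule if it generates too many alerts.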