Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victimβs system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from.
CPE | Name | Operator | Version |
---|---|---|---|
configuration_manager | le | 7.21.0078 |