
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-6789 is a security vulnerability affecting the Bosch Monitor Wall installer up to and including version 10.00.0164. The vulnerability is classified as an Uncontrolled Search Path Element issue that could potentially allow an attacker to execute arbitrary code on a victim's system through DLL loading (Bosch PSIRT). The vulnerability was discovered and disclosed to Bosch by security researcher Dhiraj Mishra.
The vulnerability is categorized as CWE-427 (Uncontrolled Search Path Element) with a CVSS v3.1 Base Score of 7.8 (High). The attack requires local access and user interaction, with the prerequisite that the victim must be tricked into placing a malicious DLL in the same directory where the installer is started from. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Bosch PSIRT).
If successfully exploited, the vulnerability could allow an attacker to execute arbitrary code on the victim's system with the same privileges as the user running the installer. This could potentially lead to complete compromise of the affected system's confidentiality, integrity, and availability (Bosch PSIRT).
For mitigation, users are advised not to execute installers from directories that are accessible by other users or from directories where potentially malicious DLLs could be located (e.g., the default Downloads directory). It is recommended to move executables to new, separate directories that are not accessible by other users and to start the executables only from there. Additionally, users should not execute installers directly from the default Downloads directory and should not accept unsolicited download prompts in a browser (Bosch PSIRT).
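One way to script the recommended mitigation, as an added example that is not from the Bosch advisory or this page: it reports any DLLs sitting beside an installer and copies only the installer into a freshly created per-user directory to be started from there. The function names and the sample file names (`Setup.exe`, `version.dll`) are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def sibling_dlls(installer: Path) -> list[Path]:
    """Return DLL files located in the same directory as the installer.

    With CWE-427, this directory is where an unexpected DLL would be
    picked up when the installer starts.
    """
    return sorted(
        p for p in installer.parent.iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"
    )


def stage_installer(installer: Path) -> tuple[Path, list[Path]]:
    """Copy only the installer into a new, empty, per-user directory.

    Returns (staged_path, dlls_left_behind). Nothing else from the source
    directory is copied, so co-located DLLs stay behind.
    """
    installer = installer.resolve(strict=True)
    left_behind = sibling_dlls(installer)
    # mkdtemp creates a new directory for the current user. Assumption: the
    # temp location is per-user, as the default %TEMP% on Windows is.
    staging = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    staged = Path(shutil.copy2(installer, staging / installer.name))
    # Verify the staging directory holds exactly the installer.
    extras = [p for p in staging.iterdir() if p != staged]
    if extras:
        raise RuntimeError(f"unexpected files in staging directory: {extras}")
    return staged, left_behind


if __name__ == "__main__":
    # Constructed sample: a stand-in download directory with a fake
    # installer and an unrelated DLL next to it.
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    (downloads / "Setup.exe").write_bytes(b"constructed placeholder")
    (downloads / "version.dll").write_bytes(b"constructed placeholder")
    staged, left = stage_installer(downloads / "Setup.exe")
    print("DLLs found beside the installer:", [p.name for p in left])
    print("Start the installer from:", staged)
```

Any DLL reported beside the installer should be reviewed before the staged copy is started.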
Source: This report was generated using AI