CVE-2021-23859 – Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
https://notcve.org/view.php?id=CVE-2021-23859
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859 Un atacante no autenticado es capaz de enviar una petición HTTP especial, que causa el bloqueo de un servicio. En el caso de un VRM independiente o de un BVMS con instalación de VRM, este bloqueo también abre la posibilidad de enviar más comandos no autenticados al servicio. • https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html • CWE-703: Improper Check or Handling of Exceptional Conditions CWE-755: Improper Handling of Exceptional Conditions •
CVE-2019-11684 – Improper Access Control in Bosch Video Recording Manager
https://notcve.org/view.php?id=CVE-2019-11684
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM. Un control de acceso inapropiado en el servidor RCP+ del componente Bosch Video Recording Manager (VRM), permite el acceso arbitrario y no autenticado a un subconjunto limitado de certificados, almacenados en el sistema operativo subyacente de Microsoft Windows. • https://psirt.bosch.com/security-advisories/bosch-sa-804652.html • CWE-306: Missing Authentication for Critical Function •
CVE-2020-6769 – Missing Authentication for Critical Function in Bosch Video Streaming Gateway
https://notcve.org/view.php?id=CVE-2020-6769
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. • https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html • CWE-306: Missing Authentication for Critical Function •
CVE-2019-8952
https://notcve.org/view.php?id=CVE-2019-8952
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032). Una vulnerabilidad de salto de directorio ubicada en el servidor web afecta a varios productos de hardware y software de Bosch. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bt-cve-2019-8952_security_advisory_vrm_path_traversal.pdf https://psirt.bosch.com https://psirt.bosch.com/Advisory/BOSCH-2019-0402.html https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-8951
https://notcve.org/view.php?id=CVE-2019-8951
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). Una vulnerabilidad de redirección abierta en el servidor web afecta a varios productos de hardware y software de Bosch. • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0401bt-cve-2019-8951_security_advisory_vrm_open_redirect.pdf https://psirt.bosch.com https://psirt.bosch.com/Advisory/BOSCH-2019-0401.html https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •