CVE-2020-6767

Path Traversal in Bosch Video Management System (BVMS)

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.

Una vulnerabilidad de salto de ruta en el FileTransferService de Bosch Video Management System (BVMS), permite a un atacante remoto autenticado leer archivos arbitrarios del Servidor Central. Esto afecta a Bosch BVMS versiones 10.0 anteriores a 10.0.0.1225 incluyéndola, versiones 9.0 anteriores a 9.0.0.827 incluyéndola, versiones 8.0 anteriores a 8.0.329 incluyéndola y versiones 7.5 y anteriores. Esto afecta a Bosch BVMS Viewer versiones 10.0 anteriores a 10.0.0.1225 incluyéndola, versiones 9.0 anteriores a 9.0.0.827 incluyéndola, versiones 8.0 anteriores a 8.0.329 incluyéndola y versiones 7.5 y anteriores. Esto afecta a Bosch DIVAR IP 3000, DIVAR IP 7000 y DIVAR IP all-in-one 5000 si se instala una versión vulnerable de BVMS.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-01-10 CVE Reserved
2020-02-06 CVE Published
2024-03-09 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-bt_cve-2020-6767_securityadvisory_bvms_pathtraversal.pdf	2020-02-14

URL	Date	SRC
https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.html	2020-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	<= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	<= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	<= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000"	-	-	Safe
Bosch Search vendor "Bosch"	Video Management System Search vendor "Bosch" for product "Video Management System"	>= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225"	-	Affected	in	Bosch Search vendor "Bosch"	Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000"	-	-	Safe
Bosch Search vendor "Bosch"		Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer"				<= 7.5 Search vendor "Bosch" for product "Video Management System Viewer" and version " <= 7.5"		-		Affected
Bosch Search vendor "Bosch"		Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer"				>= 8.0 <= 8.0.329 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 8.0 <= 8.0.329"		-		Affected
Bosch Search vendor "Bosch"		Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer"				>= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 9.0 <= 9.0.0.827"		-		Affected
Bosch Search vendor "Bosch"		Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer"				>= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 10.0 <= 10.0.0.1225"		-		Affected