CVE-2020-6768
Path Traversal in Bosch Video Management System (BVMS)
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
Una vulnerabilidad de salto de ruta en la implementación NoTouch de Bosch Video Management System (BVMS), permite a un atacante remoto no autenticado leer archivos arbitrarios desde el Servidor Central. Esto afecta a Bosch BVMS versiones 10.0 anteriores a 10.0.0.1225 incluyéndola, 9.0 anteriores a 9.0.0.827 incluyéndola, 8.0 anteriores a 8.0.329 incluyéndola y 7.5 y anteriores. Esto afecta a Bosch BVMS Viewer versiones 10.0 anteriores a 10.0.0.1225 incluyéndola, 9.0 anteriores a 9.0.0.827 incluyéndola, 8.0 anteriores a 8.0.329 incluyéndola y 7.5 y anteriores. Esto afecta a Bosch DIVAR IP 3000, DIVAR IP 7000 y DIVAR IP all-in-one 5000 si una versión vulnerable de BVMS es instalada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-10 CVE Reserved
- 2020-02-07 CVE Published
- 2024-03-09 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html | 2020-02-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | <= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 3000 Search vendor "Bosch" for product "Divar Ip 3000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | <= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Search vendor "Bosch" for product "Divar Ip 7000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | <= 7.5 Search vendor "Bosch" for product "Video Management System" and version " <= 7.5" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 8.0 <= 8.0.0.329 Search vendor "Bosch" for product "Video Management System" and version " >= 8.0 <= 8.0.0.329" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System" and version " >= 9.0 <= 9.0.0.827" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | >= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System" and version " >= 10.0 <= 10.0.0.1225" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer" | <= 7.5 Search vendor "Bosch" for product "Video Management System Viewer" and version " <= 7.5" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer" | >= 8.0 <= 8.0.329 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 8.0 <= 8.0.329" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer" | >= 9.0 <= 9.0.0.827 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 9.0 <= 9.0.0.827" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer" | >= 10.0 <= 10.0.0.1225 Search vendor "Bosch" for product "Video Management System Viewer" and version " >= 10.0 <= 10.0.0.1225" | - |
Affected
| ||||||