CVE-2021-23859
Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
Un atacante no autenticado es capaz de enviar una petición HTTP especial, que causa el bloqueo de un servicio. En el caso de un VRM independiente o de un BVMS con instalación de VRM, este bloqueo también abre la posibilidad de enviar más comandos no autenticados al servicio. En algunos productos, la interfaz sólo es accesible localmente, reduciendo la puntuación base CVSS. Para ver una lista de las puntuaciones CVSS modificadas, consulte el capítulo del apéndice oficial de Bosch Advisory Puntuaciones CVSS modificadas para CVE-2021-23859
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-12 CVE Reserved
- 2021-12-08 CVE Published
- 2024-08-23 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-703: Improper Check or Handling of Exceptional Conditions
- CWE-755: Improper Handling of Exceptional Conditions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html | 2021-12-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | <= 9.0 Search vendor "Bosch" for product "Bosch Video Management System" and version " <= 9.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | <= 9.0 Search vendor "Bosch" for product "Bosch Video Management System" and version " <= 9.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | >= 10.0 < 10.0.2 Search vendor "Bosch" for product "Bosch Video Management System" and version " >= 10.0 < 10.0.2" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | >= 10.0 < 10.0.2 Search vendor "Bosch" for product "Bosch Video Management System" and version " >= 10.0 < 10.0.2" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | 10.1 Search vendor "Bosch" for product "Bosch Video Management System" and version "10.1" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | 10.1 Search vendor "Bosch" for product "Bosch Video Management System" and version "10.1" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | 11.0 Search vendor "Bosch" for product "Bosch Video Management System" and version "11.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | 11.0 Search vendor "Bosch" for product "Bosch Video Management System" and version "11.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | <= 3.81 Search vendor "Bosch" for product "Video Recording Manager" and version " <= 3.81" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | <= 3.81 Search vendor "Bosch" for product "Video Recording Manager" and version " <= 3.81" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 3.82 <= 3.82.0057 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.82 <= 3.82.0057" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 3.82 <= 3.82.0057 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.82 <= 3.82.0057" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 3.83 <= 3.83.0021 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.83 <= 3.83.0021" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 3.83 <= 3.83.0021 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.83 <= 3.83.0021" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 4.0 <= 4.00.0070 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 4.0 <= 4.00.0070" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 4.0 <= 4.00.0070 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 4.0 <= 4.00.0070" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 Firmware Search vendor "Bosch" for product "Divar Ip 7000 Firmware" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Access Easy Controller Firmware Search vendor "Bosch" for product "Access Easy Controller Firmware" | <= 2.9.1.0 Search vendor "Bosch" for product "Access Easy Controller Firmware" and version " <= 2.9.1.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Access Easy Controller Search vendor "Bosch" for product "Access Easy Controller" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Access Professional Edition Search vendor "Bosch" for product "Access Professional Edition" | <= 3.8.0 Search vendor "Bosch" for product "Access Professional Edition" and version " <= 3.8.0" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Building Integration System Search vendor "Bosch" for product "Building Integration System" | <= 4.9 Search vendor "Bosch" for product "Building Integration System" and version " <= 4.9" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Recording Manager Exporter Search vendor "Bosch" for product "Video Recording Manager Exporter" | >= 2.1 <= 2.10.0008 Search vendor "Bosch" for product "Video Recording Manager Exporter" and version " >= 2.1 <= 2.10.0008" | - |
Affected
| ||||||