CVE-2021-23862
Authenticated Remote Code Execution
Severity Score: 7.2 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
*Credits:
N/A
CVSS Scores (Common Vulnerability Scoring System)
- Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability
- Attack Vector, Attack Complexity, Authentication, Confidentiality, Integrity, Availability
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-12 CVE Reserved
- 2021-12-08 CVE Published
- 2023-07-01 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html | 2022-08-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Bosch | Bosch Video Management System | <= 9.0 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | <= 9.0 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | >= 10.0 < 10.0.2 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | >= 10.0 < 10.0.2 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | 10.1 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | 10.1 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | 11.0 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Bosch Video Management System | 11.0 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | <= 3.81 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | <= 3.81 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 3.82 <= 3.82.0057 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 3.82 <= 3.82.0057 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 3.83 <= 3.83.0021 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 3.83 <= 3.83.0021 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 4.0 <= 4.00.0070 | - | Affected | in | Bosch | Divar Ip 5000 Firmware | - | - | Safe |
Bosch | Video Recording Manager | >= 4.0 <= 4.00.0070 | - | Affected | in | Bosch | Divar Ip 7000 Firmware | - | - | Safe |
Bosch | Videojet Decoder 7513 Firmware | <= 10.22.0038 | - | Affected | in | Bosch | Videojet Decoder 7513 | - | - | Safe |
Bosch | Videojet Decoder 8000 Firmware | <= 10.01.0036 | - | Affected | in | Bosch | Videojet Decoder 8000 | - | - | Safe |