CVE-2023-35867
Severity Score
5.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Un manejo inadecuado de paquetes de respuesta API con formato incorrecto para clientes API en productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situaciĆ³n de denegaciĆ³n de servicio (DoS). Para aprovechar esta vulnerabilidad, un atacante debe reemplazar un servidor API existente, por ejemplo mediante ataques Man-in-the-Middle.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-19 CVE Reserved
- 2023-12-18 CVE Published
- 2023-12-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-703: Improper Check or Handling of Exceptional Conditions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html | 2023-12-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bosch Search vendor "Bosch" | Divar Ip 7000 R2 Firmware Search vendor "Bosch" for product "Divar Ip 7000 R2 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip 7000 R2 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 7000 R2 Search vendor "Bosch" for product "Divar Ip 7000 R2" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip All-in-one 4000 Firmware Search vendor "Bosch" for product "Divar Ip All-in-one 4000 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip All-in-one 4000 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 4000 Search vendor "Bosch" for product "Divar Ip All-in-one 4000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Firmware Search vendor "Bosch" for product "Divar Ip All-in-one 5000 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip All-in-one 5000 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 5000 Search vendor "Bosch" for product "Divar Ip All-in-one 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip All-in-one 6000 Firmware Search vendor "Bosch" for product "Divar Ip All-in-one 6000 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip All-in-one 6000 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 6000 Search vendor "Bosch" for product "Divar Ip All-in-one 6000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip All-in-one 7000 Firmware Search vendor "Bosch" for product "Divar Ip All-in-one 7000 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip All-in-one 7000 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 7000 Search vendor "Bosch" for product "Divar Ip All-in-one 7000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip All-in-one 7000 R3 Firmware Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3 Firmware" | <= 12.0 Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3 Firmware" and version " <= 12.0" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip All-in-one 7000 R3 Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Building Integration System Video Engine Search vendor "Bosch" for product "Building Integration System Video Engine" | <= 5.0.1 Search vendor "Bosch" for product "Building Integration System Video Engine" and version " <= 5.0.1" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Bosch Video Management System Search vendor "Bosch" for product "Bosch Video Management System" | <= 12.0 Search vendor "Bosch" for product "Bosch Video Management System" and version " <= 12.0" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Management System Viewer Search vendor "Bosch" for product "Video Management System Viewer" | <= 12.0 Search vendor "Bosch" for product "Video Management System Viewer" and version " <= 12.0" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Configuration Manager Search vendor "Bosch" for product "Configuration Manager" | <= 7.62 Search vendor "Bosch" for product "Configuration Manager" and version " <= 7.62" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Intelligent Insights Search vendor "Bosch" for product "Intelligent Insights" | <= 1.0.3.14 Search vendor "Bosch" for product "Intelligent Insights" and version " <= 1.0.3.14" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Onvif Camera Event Driver Tool Search vendor "Bosch" for product " Onvif Camera Event Driver Tool" | <= 2.0.0.8 Search vendor "Bosch" for product " Onvif Camera Event Driver Tool" and version " <= 2.0.0.8" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Project Assistant Search vendor "Bosch" for product "Project Assistant" | <= 2.3 Search vendor "Bosch" for product "Project Assistant" and version " <= 2.3" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Security Client Search vendor "Bosch" for product "Video Security Client" | <= 3.3.5 Search vendor "Bosch" for product "Video Security Client" and version " <= 3.3.5" | - |
Affected
| ||||||