// For flags

CVE-2023-35867

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

Un manejo inadecuado de paquetes de respuesta API con formato incorrecto para clientes API en productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situaciĆ³n de denegaciĆ³n de servicio (DoS). Para aprovechar esta vulnerabilidad, un atacante debe reemplazar un servidor API existente, por ejemplo mediante ataques Man-in-the-Middle.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-06-19 CVE Reserved
  • 2023-12-18 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-703: Improper Check or Handling of Exceptional Conditions
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bosch
Search vendor "Bosch"
Divar Ip 7000 R2 Firmware
Search vendor "Bosch" for product "Divar Ip 7000 R2 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip 7000 R2 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip 7000 R2
Search vendor "Bosch" for product "Divar Ip 7000 R2"
--
Safe
Bosch
Search vendor "Bosch"
Divar Ip All-in-one 4000 Firmware
Search vendor "Bosch" for product "Divar Ip All-in-one 4000 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip All-in-one 4000 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip All-in-one 4000
Search vendor "Bosch" for product "Divar Ip All-in-one 4000"
--
Safe
Bosch
Search vendor "Bosch"
Divar Ip All-in-one 5000 Firmware
Search vendor "Bosch" for product "Divar Ip All-in-one 5000 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip All-in-one 5000 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip All-in-one 5000
Search vendor "Bosch" for product "Divar Ip All-in-one 5000"
--
Safe
Bosch
Search vendor "Bosch"
Divar Ip All-in-one 6000 Firmware
Search vendor "Bosch" for product "Divar Ip All-in-one 6000 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip All-in-one 6000 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip All-in-one 6000
Search vendor "Bosch" for product "Divar Ip All-in-one 6000"
--
Safe
Bosch
Search vendor "Bosch"
Divar Ip All-in-one 7000 Firmware
Search vendor "Bosch" for product "Divar Ip All-in-one 7000 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip All-in-one 7000 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip All-in-one 7000
Search vendor "Bosch" for product "Divar Ip All-in-one 7000"
--
Safe
Bosch
Search vendor "Bosch"
Divar Ip All-in-one 7000 R3 Firmware
Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3 Firmware"
<= 12.0
Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3 Firmware" and version " <= 12.0"
-
Affected
in Bosch
Search vendor "Bosch"
Divar Ip All-in-one 7000 R3
Search vendor "Bosch" for product "Divar Ip All-in-one 7000 R3"
--
Safe
Bosch
Search vendor "Bosch"
Building Integration System Video Engine
Search vendor "Bosch" for product "Building Integration System Video Engine"
<= 5.0.1
Search vendor "Bosch" for product "Building Integration System Video Engine" and version " <= 5.0.1"
-
Affected
Bosch
Search vendor "Bosch"
Bosch Video Management System
Search vendor "Bosch" for product "Bosch Video Management System"
<= 12.0
Search vendor "Bosch" for product "Bosch Video Management System" and version " <= 12.0"
-
Affected
Bosch
Search vendor "Bosch"
Video Management System Viewer
Search vendor "Bosch" for product "Video Management System Viewer"
<= 12.0
Search vendor "Bosch" for product "Video Management System Viewer" and version " <= 12.0"
-
Affected
Bosch
Search vendor "Bosch"
Configuration Manager
Search vendor "Bosch" for product "Configuration Manager"
<= 7.62
Search vendor "Bosch" for product "Configuration Manager" and version " <= 7.62"
-
Affected
Bosch
Search vendor "Bosch"
Intelligent Insights
Search vendor "Bosch" for product "Intelligent Insights"
<= 1.0.3.14
Search vendor "Bosch" for product "Intelligent Insights" and version " <= 1.0.3.14"
-
Affected
Bosch
Search vendor "Bosch"
Onvif Camera Event Driver Tool
Search vendor "Bosch" for product " Onvif Camera Event Driver Tool"
<= 2.0.0.8
Search vendor "Bosch" for product " Onvif Camera Event Driver Tool" and version " <= 2.0.0.8"
-
Affected
Bosch
Search vendor "Bosch"
Project Assistant
Search vendor "Bosch" for product "Project Assistant"
<= 2.3
Search vendor "Bosch" for product "Project Assistant" and version " <= 2.3"
-
Affected
Bosch
Search vendor "Bosch"
Video Security Client
Search vendor "Bosch" for product "Video Security Client"
<= 3.3.5
Search vendor "Bosch" for product "Video Security Client" and version " <= 3.3.5"
-
Affected