Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html | Vendor Advisory |
History
05 Jul 2023, 13:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html - Vendor Advisory | |
First Time | Bosch video Management System, Bosch divar Ip 6000 Firmware, Bosch divar Ip 4000 Firmware, Bosch divar Ip 3000 Firmware, Bosch, Bosch divar Ip 7000, Bosch divar Ip 7000 R2, Bosch divar Ip 5000, Bosch divar Ip 4000, Bosch divar Ip 6000, Bosch divar Ip 7000 R3, Bosch divar Ip 3000, Bosch divar Ip 7000 R3 Firmware, Bosch divar Ip 7000 Firmware, Bosch video Management System Viewer, Bosch divar Ip 7000 R2 Firmware, Bosch divar Ip 5000 Firmware | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.7 |
CWE | CWE-863 | |
CPE | cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_7000_r3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_5000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_4000_firmware:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_6000_firmware:11.1.1:*:*:*:*:*:*:* |
15 Jun 2023, 12:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-15 11:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28175
Mitre link : CVE-2023-28175
CVE.ORG link : CVE-2023-28175
Products Affected
bosch
- divar_ip_7000
- video_management_system_viewer
- divar_ip_7000_r3
- divar_ip_6000
- divar_ip_7000_r2_firmware
- divar_ip_4000_firmware
- divar_ip_3000_firmware
- divar_ip_7000_r3_firmware
- divar_ip_4000
- divar_ip_7000_firmware
- divar_ip_5000
- divar_ip_5000_firmware
- video_management_system
- divar_ip_6000_firmware
- divar_ip_7000_r2
- divar_ip_3000