CVE-2019-6957

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf	Vendor Advisory
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bosch:access_professional_edition::::::::
	cpe:2.3:a:bosch:bosch_video_client::::::::
	cpe:2.3:a:bosch:bosch_video_management_system::::::::
	cpe:2.3:a:bosch:building_integration_system::::::::
	cpe:2.3:a:bosch:building_integration_system:4.5:::::::*
	cpe:2.3:a:bosch:building_integration_system:4.6:::::::*
	cpe:2.3:a:bosch:building_integration_system:4.6.1:::::::*
	cpe:2.3:a:bosch:configuration_manager::::::::
	cpe:2.3:a:bosch:video_recording_manager::::::::
	cpe:2.3:a:bosch:video_recording_manager::::::::
	cpe:2.3:a:bosch:video_sdk::::::::
	cpe:2.3:a:bosch:video_streaming_gateway::::::::
	cpe:2.3:a:bosch:video_streaming_gateway::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:bosch:dip_2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dip_2000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:bosch:dip_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dip_3000:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:bosch:dip_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dip_5000:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:bosch:dip_7000_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:dip_7000:gen1:::::::*
	cpe:2.3:h:bosch:dip_7000:gen2:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:bosch:access_easy_controller_firmware:2.1.8.5:::::::*
	cpe:2.3:o:bosch:access_easy_controller_firmware:2.1.9.0:::::::*
	cpe:2.3:o:bosch:access_easy_controller_firmware:2.1.9.1:::::::*
	cpe:2.3:o:bosch:access_easy_controller_firmware:2.1.9.3:::::::*

cpe:2.3:h:bosch:access_easy_controller:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type	Values Removed	Values Added
References	~~() https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf - Vendor Advisory~~	() https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf - Vendor Advisory

Information

Published : 2019-05-29 19:29

Updated : 2024-11-21 04:47

NVD link : CVE-2019-6957

Mitre link : CVE-2019-6957

CVE.ORG link : CVE-2019-6957

JSON object : View

Products Affected

bosch

dip_2000_firmware
dip_5000_firmware
dip_3000
access_easy_controller_firmware
dip_7000
dip_7000_firmware
bosch_video_management_system
building_integration_system
configuration_manager
video_sdk
video_streaming_gateway
video_recording_manager
access_professional_edition
dip_3000_firmware
dip_5000
dip_2000
bosch_video_client
access_easy_controller

CWE

CWE-787

Out-of-bounds Write

9.8 /10