Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
05 Jul 2023, 13:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Bosch
Bosch divar Ip 4000 Firmware Bosch video Management System Bosch divar Ip 7000 R2 Firmware Bosch divar Ip 7000 Firmware Bosch divar Ip 7000 R3 Bosch divar Ip 3000 Firmware Bosch divar Ip 4000 Bosch video Management System Viewer Bosch divar Ip 5000 Firmware Bosch divar Ip 7000 R2 Bosch divar Ip 5000 Bosch divar Ip 7000 R3 Firmware Bosch divar Ip 6000 Bosch divar Ip 7000 Bosch divar Ip 3000 Bosch divar Ip 6000 Firmware |
|
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.7 |
CPE | cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_5000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_6000_firmware:11.1.1:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_7000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_4000_firmware:11.1.1:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_7000_r3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:* cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html - Vendor Advisory |
15 Jun 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-15 11:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-28175
Mitre link : CVE-2023-28175
CVE.ORG link : CVE-2023-28175
JSON object : View
Products Affected
bosch
- divar_ip_5000
- divar_ip_7000_r3_firmware
- divar_ip_6000
- divar_ip_5000_firmware
- video_management_system
- divar_ip_7000_r2
- divar_ip_7000_r3
- divar_ip_7000_firmware
- video_management_system_viewer
- divar_ip_4000_firmware
- divar_ip_4000
- divar_ip_7000_r2_firmware
- divar_ip_3000
- divar_ip_7000
- divar_ip_6000_firmware
- divar_ip_3000_firmware