CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
33.6%
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
Vendor | Product | Version | CPE |
---|---|---|---|
bosch | divar_ip_4000 | - | cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* |
bosch | divar_ip_5000 | - | cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:* |
bosch | divar_ip_6000 | - | cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* |
bosch | divar_ip_7000 | - | cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:* |
bosch | divar_ip_7000_r2 | - | cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* |
bosch | divar_ip_7000_r3 | - | cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:* |
bosch | video_management_system | * | cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* |
bosch | video_management_system_viewer | * | cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* |
bosch | divar_ip_3000_firmware | * | cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:* |
bosch | divar_ip_3000 | - | cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:* |
[
{
"vendor": "Bosch",
"product": "BVMS",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "BVMS Viewer",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 3000",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "8.0"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 7000 R1",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "8.0"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 7000 R2",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 7000 R3",
"versions": [
{
"version": "10.1.1",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 5000",
"versions": [
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 7000",
"versions": [
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 4000",
"versions": [
{
"version": "11.1.1",
"status": "affected"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 6000",
"versions": [
{
"version": "11.1.1",
"status": "affected"
}
]
}
]