Lucene search
BoschCVE-2023-28175HistoryJun 15, 2023 - 11:15 a.m.
CVE-2023-28175
2023-06-1511:15:09
CWE-200
CWE-863
bosch
web.nvd.nist.gov
13
bosch vms
ssh server
remote access
cve-2023-28175
nvd
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
33.6%
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
Affected configurations
Node
boschdivar_ip_4000Match-
ORboschdivar_ip_5000Match-
ORboschdivar_ip_6000Match-
ORboschdivar_ip_7000Match-
ORboschdivar_ip_7000_r2Match-
ORboschdivar_ip_7000_r3Match-
boschvideo_management_systemRange7.5–11.1.1
ORboschvideo_management_system_viewerRange7.5–11.1.1
Node
boschdivar_ip_3000_firmwareRange7.5–8.0
boschdivar_ip_3000Match-
Node
boschdivar_ip_6000_firmwareMatch11.1.1
boschdivar_ip_6000Match-
Node
boschdivar_ip_4000_firmwareMatch11.1.1
boschdivar_ip_4000Match-
Node
boschdivar_ip_5000_firmwareRange9.0–11.1.1
boschdivar_ip_5000Match-
Node
boschdivar_ip_7000_r2_firmwareRange7.5–11.1.1
boschdivar_ip_7000_r2Match-
Node
boschdivar_ip_7000_firmwareRange7.5–8.0
boschdivar_ip_7000Match-
Node
boschdivar_ip_7000_r3_firmwareRange10.1.1–11.1.1
boschdivar_ip_7000_r3Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bosch | divar_ip_4000 | - | cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* |
| bosch | divar_ip_5000 | - | cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:* |
| bosch | divar_ip_6000 | - | cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* |
| bosch | divar_ip_7000 | - | cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:* |
| bosch | divar_ip_7000_r2 | - | cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* |
| bosch | divar_ip_7000_r3 | - | cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:* |
| bosch | video_management_system | * | cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* |
| bosch | video_management_system_viewer | * | cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* |
| bosch | divar_ip_3000_firmware | * | cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:* |
| bosch | divar_ip_3000 | - | cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Bosch",
"product": "BVMS",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "BVMS Viewer",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 3000",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "8.0"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 7000 R1",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "8.0"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP 7000 R2",
"versions": [
{
"version": "7.5",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 7000 R3",
"versions": [
{
"version": "10.1.1",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 5000",
"versions": [
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "Bosch DIVAR IP all-in-one 7000",
"versions": [
{
"version": "9.0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "11.1.1"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 4000",
"versions": [
{
"version": "11.1.1",
"status": "affected"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 6000",
"versions": [
{
"version": "11.1.1",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-28175
2023-06-15 11:15:09
prion
prion
Authorization
2023-06-15 11:15:00
cvelist
cvelist
CVE-2023-28175
2023-06-15 10:14:34
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
AI Score
7.2
Confidence
High
EPSS
0.001
Percentile
33.6%
Related for CVE-2023-28175