Lucene search
HistoryDec 18, 2023 - 1:15 p.m.
CVE-2023-35867
cve-2023-35867
bosch bt
software
dos
api
vulnerability
nvd
cve
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.7%
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Affected configurations
Node
boschbuilding_integration_system_video_engineRange≤5.0.1
Node
boschbosch_video_management_systemRange≤12.0
Node
boschvideo_management_system_viewerRange≤12.0
Node
boschconfiguration_managerRange≤7.62
Node
boschdivar_ip_7000_r2_firmwareRange≤12.0
boschdivar_ip_7000_r2Match-
Node
boschdivar_ip_all-in-one_4000_firmwareRange≤12.0
boschdivar_ip_all-in-one_4000Match-
Node
boschdivar_ip_all-in-one_5000_firmwareRange≤12.0
boschdivar_ip_all-in-one_5000Match-
Node
boschdivar_ip_all-in-one_6000_firmwareRange≤12.0
boschdivar_ip_all-in-one_6000Match-
Node
boschdivar_ip_all-in-one_7000_firmwareRange≤12.0
boschdivar_ip_all-in-one_7000Match-
Node
boschdivar_ip_all-in-one_7000_r3_firmwareRange≤12.0
boschdivar_ip_all-in-one_7000_r3Match-
Node
boschintelligent_insightsRange≤1.0.3.14
Node
bosch_onvif_camera_event_driver_toolRange≤2.0.0.8
Node
boschproject_assistantRange≤2.3
Node
boschvideo_security_clientRange≤3.3.5
CNA Affected
[
{
"vendor": "Bosch",
"product": "BVMS",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "BVMS Viewer",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "Configuration Manager",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "7.62"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP 7000 R2",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 5000",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 7000",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 7000 R3",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 4000",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "DIVAR IP all-in-one 6000",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "12.0.0"
}
]
},
{
"vendor": "Bosch",
"product": "Project Assistant",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "2.3"
}
]
},
{
"vendor": "Bosch",
"product": "Video Security Client",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "3.3.5"
}
]
},
{
"vendor": "Bosch",
"product": "BIS Video Engine",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "5.0.1"
}
]
},
{
"vendor": "Bosch",
"product": "Intelligent Insights",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "1.0.3.14"
}
]
},
{
"vendor": "Bosch",
"product": "ONVIF Camera Event Driver Tool",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "2.0.0.8"
}
]
}
]Related
cvelist
cvelist
CVE-2023-35867
2023-12-18 12:59:48
prion
prion
Design/Logic Flaw
2023-12-18 13:15:00
nvd
nvd
CVE-2023-35867
2023-12-18 13:15:07
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
5.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.7%
Related for CVE-2023-35867