CVE-2023-35867
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
20.5%
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bosch | building_integration_system_video_engine | * | cpe:2.3:a:bosch:building_integration_system_video_engine:*:*:*:*:*:*:*:* |
| bosch | bosch_video_management_system | * | cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:* |
| bosch | video_management_system_viewer | * | cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* |
| bosch | configuration_manager | * | cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:* |
| bosch | divar_ip_7000_r2_firmware | * | cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:* |
| bosch | divar_ip_7000_r2 | - | cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* |
| bosch | divar_ip_all-in-one_4000_firmware | * | cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:*:*:*:*:*:*:*:* |
| bosch | divar_ip_all-in-one_4000 | - | cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-:*:*:*:*:*:*:* |
| bosch | divar_ip_all-in-one_5000_firmware | * | cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:*:*:*:*:*:*:*:* |
| bosch | divar_ip_all-in-one_5000 | - | cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
20.5%