CVE-2019-11684

EPSS 0.21%
Veröffentlicht 26.02.2021 16:15:12
Zuletzt bearbeitet 21.11.2024 04:21:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Video Recording Manager Version >= 3.70 < 3.71.0034

Bosch ≫ Video Recording Manager Version >= 3.81 < 3.81.0050

Bosch ≫ Divar Ip 5000 Firmware Version >= 3.80 < 3.80.0039

Bosch ≫ Divar Ip 5000 Version-

Bosch ≫ Video Management System Version3.70.0056

Bosch ≫ Video Management System Version3.70.0058

Bosch ≫ Video Management System Version3.70.0060

Bosch ≫ Video Management System Version3.70.0062

Bosch ≫ Video Management System Version3.71.0022

Bosch ≫ Video Management System Version3.71.0029

Bosch ≫ Video Management System Version3.71.0031

Bosch ≫ Video Management System Version3.71.0032

Bosch ≫ Video Management System Version3.81.0032

Bosch ≫ Video Management System Version3.81.0038

Bosch ≫ Video Management System Version3.81.0048

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.396

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org	9.9	3.9	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://psirt.bosch.com/security-advisories/bosch-sa-804652.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11684

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11684

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11684

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-11684