CVE-2019-6957

EPSS 1.1%
Veröffentlicht 29.05.2019 19:29:00
Zuletzt bearbeitet 21.11.2024 04:47:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Access Professional Edition Version >= 3.0 <= 3.7

Bosch ≫ Bosch Video Client Version < 1.7.6.079

Bosch ≫ Bosch Video Management System Version <= 9.0

Bosch ≫ Building Integration System Version >= 2.2 <= 4.4

Bosch ≫ Building Integration System Version4.5

Bosch ≫ Building Integration System Version4.6

Bosch ≫ Building Integration System Version4.6.1

Bosch ≫ Configuration Manager Version < 6.10

Bosch ≫ Video Recording Manager Version < 3.71.0032

Bosch ≫ Video Recording Manager Version >= 3.81 < 3.81.0048

Bosch ≫ Video Sdk Version < 6.32.0099

Bosch ≫ Video Streaming Gateway Version < 6.43.0023

Bosch ≫ Video Streaming Gateway Version >= 6.45 < 6.45.0008

Bosch ≫ Dip 2000 Firmware Version < 0380.037

Bosch ≫ Dip 2000 Version-

Bosch ≫ Dip 3000 Firmware Version-

Bosch ≫ Dip 3000 Version-

Bosch ≫ Dip 5000 Firmware Version < 038.037

Bosch ≫ Dip 5000 Version-

Bosch ≫ Dip 7000 Firmware Version-

Bosch ≫ Dip 7000 Versiongen1
Bosch ≫ Dip 7000 Versiongen2

Bosch ≫ Access Easy Controller Firmware Version2.1.8.5

Bosch ≫ Access Easy Controller Version-

Bosch ≫ Access Easy Controller Firmware Version2.1.9.0

Bosch ≫ Access Easy Controller Version-

Bosch ≫ Access Easy Controller Firmware Version2.1.9.1

Bosch ≫ Access Easy Controller Version-

Bosch ≫ Access Easy Controller Firmware Version2.1.9.3

Bosch ≫ Access Easy Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.1%	0.76

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-6957

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6957

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6957

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-6957