8.6
CVE-2020-6768
- EPSS 1.61%
- Veröffentlicht 07.02.2020 21:15:10
- Zuletzt bearbeitet 21.11.2024 05:36:09
- Quelle psirt@bosch.com
- CVE-Watchlists
- Unerledigt
LoginA path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bosch ≫ Video Management System Viewer Version <= 7.5
Bosch ≫ Video Management System Viewer Version >= 8.0 <= 8.0.329
Bosch ≫ Video Management System Viewer Version >= 9.0 <= 9.0.0.827
Bosch ≫ Video Management System Viewer Version >= 10.0 <= 10.0.0.1225
Bosch ≫ Video Management System Version <= 7.5
Bosch ≫ Video Management System Version >= 8.0 <= 8.0.0.329
Bosch ≫ Video Management System Version >= 9.0 <= 9.0.0.827
Bosch ≫ Video Management System Version >= 10.0 <= 10.0.0.1225
Bosch ≫ Video Management System Version <= 7.5
Bosch ≫ Video Management System Version >= 8.0 <= 8.0.0.329
Bosch ≫ Video Management System Version >= 9.0 <= 9.0.0.827
Bosch ≫ Video Management System Version >= 10.0 <= 10.0.0.1225
Bosch ≫ Video Management System Version <= 7.5
Bosch ≫ Video Management System Version >= 8.0 <= 8.0.0.329
Bosch ≫ Video Management System Version >= 9.0 <= 9.0.0.827
Bosch ≫ Video Management System Version >= 10.0 <= 10.0.0.1225
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.61% | 0.812 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@bosch.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.