CVE-2020-6769

EPSS 1.08%
Veröffentlicht 07.02.2020 20:15:35
Zuletzt bearbeitet 21.11.2024 05:36:09
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Video Streaming Gateway Version <= 6.42.10

Bosch ≫ Video Streaming Gateway Version >= 6.43 <= 6.43.0023

Bosch ≫ Video Streaming Gateway Version >= 6.44 <= 6.44.022

Bosch ≫ Video Streaming Gateway Version >= 6.45 <= 6.45.08

Bosch ≫ Divar Ip 2000 Firmware Version <= 3.62.0019

Bosch ≫ Divar Ip 2000 Version-

Bosch ≫ Divar Ip 5000 Firmware Version <= 3.80.0039

Bosch ≫ Divar Ip 5000 Version-

Bosch ≫ Video Streaming Gateway Version <= 6.42.10

Bosch ≫ Divar Ip 3000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.43 <= 6.43.0023

Bosch ≫ Divar Ip 3000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.44 <= 6.44.022

Bosch ≫ Divar Ip 3000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.45 <= 6.45.08

Bosch ≫ Divar Ip 3000 Version-

Bosch ≫ Video Streaming Gateway Version <= 6.42.10

Bosch ≫ Divar Ip 7000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.43 <= 6.43.0023

Bosch ≫ Divar Ip 7000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.44 <= 6.44.022

Bosch ≫ Divar Ip 7000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.45 <= 6.45.08

Bosch ≫ Divar Ip 7000 Version-

Bosch ≫ Video Streaming Gateway Version <= 6.42.10

Bosch ≫ Divar Ip All-in-one 5000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.43 <= 6.43.0023

Bosch ≫ Divar Ip All-in-one 5000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.44 <= 6.44.022

Bosch ≫ Divar Ip All-in-one 5000 Version-

Bosch ≫ Video Streaming Gateway Version >= 6.45 <= 6.45.08

Bosch ≫ Divar Ip All-in-one 5000 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.08%	0.772

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
psirt@bosch.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-6769

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6769

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6769

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-6769