CVE-2021-23859

EPSS 0.29%
Veröffentlicht 08.12.2021 22:15:08
Zuletzt bearbeitet 21.11.2024 05:51:58
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Bosch Video Management System Version <= 9.0

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Bosch Video Management System Version >= 10.0 < 10.0.2

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Bosch Video Management System Version10.1

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Bosch Video Management System Version11.0

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Video Recording Manager Version <= 3.81

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Video Recording Manager Version >= 3.82 <= 3.82.0057

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Video Recording Manager Version >= 3.83 <= 3.83.0021

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Video Recording Manager Version >= 4.0 <= 4.00.0070

Bosch ≫ Divar Ip 5000 Firmware Version-
Bosch ≫ Divar Ip 7000 Firmware Version-

Bosch ≫ Access Easy Controller Firmware Version <= 2.9.1.0

Bosch ≫ Access Easy Controller Version-

Bosch ≫ Access Professional Edition Version <= 3.8.0

Bosch ≫ Building Integration System Version <= 4.9

Bosch ≫ Video Recording Manager Exporter Version >= 2.1 <= 2.10.0008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.494

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
psirt@bosch.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-703 Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-23859

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23859

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23859

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-23859