6.5

CVE-2021-23861

By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM, allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
Data provided by the National Vulnerability Database (NVD)
Bosch: Bosch Video Management System, Version <= 9.0
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Bosch Video Management System, Version >= 10.0 < 10.0.2
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Bosch Video Management System, Version 10.1
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Bosch Video Management System, Version 11.0
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Video Recording Manager, Version <= 3.81
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Video Recording Manager, Version >= 3.82 <= 3.82.0057
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Video Recording Manager, Version >= 3.83 <= 3.83.0021
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
Bosch: Video Recording Manager, Version >= 4.0 <= 4.00.0070
   Bosch: Divar Ip 5000 Firmware, Version -
   Bosch: Divar Ip 7000 Firmware, Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.3% | 0.505 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.5 | 1.2 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| nvd@nist.gov | 5.5 | 8 | 4.9 | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| psirt@bosch.com | 6.5 | 1.2 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.