7.7
CVE-2023-28175
- EPSS 0.14%
- Veröffentlicht 15.06.2023 11:15:09
- Zuletzt bearbeitet 21.11.2024 07:54:32
- Quelle psirt@bosch.com
- CVE-Watchlists
- Unerledigt
LoginImproper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bosch ≫ Video Management System Version >= 7.5 <= 11.1.1
Bosch ≫ Divar Ip 4000 Version-
Bosch ≫ Divar Ip 5000 Version-
Bosch ≫ Divar Ip 6000 Version-
Bosch ≫ Divar Ip 7000 Version-
Bosch ≫ Divar Ip 7000 R2 Version-
Bosch ≫ Divar Ip 7000 R3 Version-
Bosch ≫ Divar Ip 5000 Version-
Bosch ≫ Divar Ip 6000 Version-
Bosch ≫ Divar Ip 7000 Version-
Bosch ≫ Divar Ip 7000 R2 Version-
Bosch ≫ Divar Ip 7000 R3 Version-
Bosch ≫ Video Management System Viewer Version >= 7.5 <= 11.1.1
Bosch ≫ Divar Ip 4000 Version-
Bosch ≫ Divar Ip 5000 Version-
Bosch ≫ Divar Ip 6000 Version-
Bosch ≫ Divar Ip 7000 Version-
Bosch ≫ Divar Ip 7000 R2 Version-
Bosch ≫ Divar Ip 7000 R3 Version-
Bosch ≫ Divar Ip 5000 Version-
Bosch ≫ Divar Ip 6000 Version-
Bosch ≫ Divar Ip 7000 Version-
Bosch ≫ Divar Ip 7000 R2 Version-
Bosch ≫ Divar Ip 7000 R3 Version-
Bosch ≫ Divar Ip 3000 Firmware Version >= 7.5 <= 8.0
Bosch ≫ Divar Ip 6000 Firmware Version11.1.1
Bosch ≫ Divar Ip 4000 Firmware Version11.1.1
Bosch ≫ Divar Ip 5000 Firmware Version >= 9.0 <= 11.1.1
Bosch ≫ Divar Ip 7000 R2 Firmware Version >= 7.5 <= 11.1.1
Bosch ≫ Divar Ip 7000 Firmware Version >= 7.5 <= 8.0
Bosch ≫ Divar Ip 7000 R3 Firmware Version >= 10.1.1 <= 11.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.353 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 3.1 | 4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| psirt@bosch.com | 7.1 | 1.8 | 4.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.