5.9
CVE-2023-35867
- EPSS 0.08%
- Veröffentlicht 18.12.2023 13:15:07
- Zuletzt bearbeitet 21.11.2024 08:08:51
- Quelle psirt@bosch.com
- CVE-Watchlists
- Unerledigt
LoginAn improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bosch ≫ Building Integration System Video Engine Version <= 5.0.1
Bosch ≫ Bosch Video Management System Version <= 12.0
Bosch ≫ Video Management System Viewer Version <= 12.0
Bosch ≫ Configuration Manager Version <= 7.62
Bosch ≫ Divar Ip 7000 R2 Firmware Version <= 12.0
Bosch ≫ Divar Ip All-in-one 4000 Firmware Version <= 12.0
Bosch ≫ Divar Ip All-in-one 5000 Firmware Version <= 12.0
Bosch ≫ Divar Ip All-in-one 6000 Firmware Version <= 12.0
Bosch ≫ Divar Ip All-in-one 7000 Firmware Version <= 12.0
Bosch ≫ Divar Ip All-in-one 7000 R3 Firmware Version <= 12.0
Bosch ≫ Intelligent Insights Version <= 1.0.3.14
Bosch ≫ Onvif Camera Event Driver Tool Version <= 2.0.0.8
Bosch ≫ Project Assistant Version <= 2.3
Bosch ≫ Video Security Client Version <= 3.3.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.246 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| psirt@bosch.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.