CVE-2019-11684

Published: Feb 26, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

Affected (14)

Products: Bosch: Video Recording Manager, Divar Ip 5000 Firmware, Video Management System

Bosch

3 products

Video Recording Manager

Divar Ip 5000 Firmware

Video Management System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bosch Video Recording Manager	From 3.70 to 3.71.0034
Bosch Video Recording Manager	From 3.81 to 3.81.0050

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 5000 Firmware	From 3.80 to 3.80.0039

Running on/with	Platform Versions
Bosch Divar Ip 5000	All versions

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Bosch Video Management System	Version 3.70.0056
Bosch Video Management System	Version 3.70.0058
Bosch Video Management System	Version 3.70.0060
Bosch Video Management System	Version 3.70.0062
Bosch Video Management System	Version 3.71.0022
Bosch Video Management System	Version 3.71.0029
Bosch Video Management System	Version 3.71.0031
Bosch Video Management System	Version 3.71.0032
Bosch Video Management System	Version 3.81.0032
Bosch Video Management System	Version 3.81.0038
Bosch Video Management System	Version 3.81.0048

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://psirt.bosch.com/security-advisories/bosch-sa-804652.html

Source: cve@mitre.org

Vendor Advisory

https://psirt.bosch.com/security-advisories/bosch-sa-804652.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.