CVE-2019-8951

Published: May 13, 2019Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056).

Affected (5)

Products: Bosch: Divar Ip 2000 Firmware, Divar Ip 5000 Firmware, Video Management System, Video Recording Manager

4 products

Divar Ip 2000 Firmware

Divar Ip 5000 Firmware

Video Management System

Video Recording Manager

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 2000 Firmware	Before 3.62.0019

Running on/with	Platform Versions
Bosch Divar Ip 2000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 5000 Firmware	Before 3.80.0033

Running on/with	Platform Versions
Bosch Divar Ip 5000	All versions

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Bosch Video Management System	Before 3.71.0056
Bosch Video Recording Manager	Before 3.70.0056
Bosch Video Recording Manager	From 3.81 to 3.81.0032

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (8)

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0401bt-cve-2019-8951_security_advisory_vrm_open_redirect.pdf

Source: cve@mitre.org

Vendor Advisory

https://psirt.bosch.com

Source: cve@mitre.org

Vendor Advisory

https://psirt.bosch.com/Advisory/BOSCH-2019-0401.html

Source: cve@mitre.org

Vendor Advisory

https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html

Source: cve@mitre.org

Vendor Advisory

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0401bt-cve-2019-8951_security_advisory_vrm_open_redirect.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://psirt.bosch.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://psirt.bosch.com/Advisory/BOSCH-2019-0401.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.boschsecurity.com/xc/en/support/product-security/security-advisories.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.