CVE-2023-28175

Published: Jun 15, 2023Modified: Nov 21, 2024

7.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

Affected (9)

Products: Bosch: Video Management System, Video Management System Viewer, Divar Ip 3000 Firmware, Divar Ip 6000 Firmware, Divar Ip 4000 Firmware, Divar Ip 5000 Firmware, Divar Ip 7000 R2 Firmware, Divar Ip 7000 Firmware, Divar Ip 7000 R3 Firmware

Bosch

9 products

Video Management System

Video Management System Viewer

Divar Ip 3000 Firmware

Divar Ip 6000 Firmware

Divar Ip 4000 Firmware

Divar Ip 5000 Firmware

Divar Ip 7000 R2 Firmware

Divar Ip 7000 Firmware

Divar Ip 7000 R3 Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Bosch Video Management System	From 7.5 to 11.1.1
Bosch Video Management System Viewer	From 7.5 to 11.1.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 3000 Firmware	From 7.5 to 8.0

Running on/with	Platform Versions
Bosch Divar Ip 3000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 6000 Firmware	Version 11.1.1

Running on/with	Platform Versions
Bosch Divar Ip 6000	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 4000 Firmware	Version 11.1.1

Running on/with	Platform Versions
Bosch Divar Ip 4000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 5000 Firmware	From 9.0 to 11.1.1

Running on/with	Platform Versions
Bosch Divar Ip 5000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 7000 R2 Firmware	From 7.5 to 11.1.1

Running on/with	Platform Versions
Bosch Divar Ip 7000 R2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 7000 Firmware	From 7.5 to 8.0

Running on/with	Platform Versions
Bosch Divar Ip 7000	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch Divar Ip 7000 R3 Firmware	From 10.1.1 to 11.1.1

Running on/with	Platform Versions
Bosch Divar Ip 7000 R3	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (2)

https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html

Source: psirt@bosch.com

Vendor Advisory

https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.