← Back

CVE-2023-35867

nvd nist
Published: Dec 18, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.9
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 3.6
Source: NVD

Description

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

Affected (14)

Bosch
14 products
Building Integration System Video Engine
Bosch Video Management System
Video Management System Viewer
Configuration Manager
Divar Ip 7000 R2 Firmware
Divar Ip All In One 4000 Firmware
Divar Ip All In One 5000 Firmware
Divar Ip All In One 6000 Firmware
Divar Ip All In One 7000 Firmware
Divar Ip All In One 7000 R3 Firmware
Intelligent Insights
Onvif Camera Event Driver Tool
Project Assistant
Video Security Client
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Building Integration System Video Engine
Up to 5.0.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Bosch Video Management System
Up to 12.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Video Management System Viewer
Up to 12.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Configuration Manager
Up to 7.62
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip 7000 R2 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip 7000 R2
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip All In One 4000 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip All In One 4000
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip All In One 5000 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip All In One 5000
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip All In One 6000 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip All In One 6000
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip All In One 7000 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip All In One 7000
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Divar Ip All In One 7000 R3 Firmware
Up to 12.0
Running on/withPlatform Versions
Bosch
Divar Ip All In One 7000 R3
All versions
Configuration K
1 vulnerable
Vulnerable SoftwareAffected Versions
Intelligent Insights
Up to 1.0.3.14
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Onvif Camera Event Driver Tool
Up to 2.0.0.8
Configuration M
1 vulnerable
Vulnerable SoftwareAffected Versions
Project Assistant
Up to 2.3
Configuration N
1 vulnerable
Vulnerable SoftwareAffected Versions
Video Security Client
Up to 3.3.5

Related CWEs

CWE-703
Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

References (2)

Source: psirt@bosch.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.