CRITICAL🇬🇧 English

CVE-2019-11684

CVSS 9.9v3.1pub. 2021-02-26upd. 2024-11-21

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
  • Bosch Divar Ip 5000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 5000 Firmware

    OS
    Bosch
    3.80 – 3.80.0039 (bez)
  • Bosch Video Management System

    APP
    Bosch
    3.70.00563.70.00583.70.00603.70.00623.71.00223.71.00293.71.00313.71.00323.81.00323.81.00383.81.0048
  • Bosch Video Recording Manager

    APP
    Bosch
    3.81 – 3.81.0050 (bez)3.70 – 3.71.0034 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-23859CRITICAL9.1ten sam produkt

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2019-6957CRITICAL9.8ten sam produkt

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...

CVE-2023-32230HIGH7.5ten sam produkt

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an un...

CVE-2023-28175HIGH7.1ten sam produkt

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user ...

CVE-2019-11684 — CRITICAL 9.9 | CVEbaza.pl