CRITICAL🇬🇧 English

CVE-2021-23859

CVSS 9.1v3.1pub. 2021-12-08upd. 2024-11-21

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Bosch Access Easy Controller

    HW
    Bosch
    wszystkie wersje
  • Bosch Access Easy Controller Firmware

    OS
    Bosch
    ≤ 2.9.1.0
  • Bosch Access Professional Edition

    APP
    Bosch
    ≤ 3.8.0
  • Bosch Video Management System

    APP
    Bosch
    10.111.010.0 – 10.0.2 (bez)≤ 9.0
  • Bosch Building Integration System

    APP
    Bosch
    ≤ 4.9
  • Bosch Divar Ip 5000 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000 Firmware

    OS
    Bosch
    wszystkie wersje
  • Bosch Video Recording Manager

    APP
    Bosch
    4.0 – 4.00.0070≤ 3.813.82 – 3.82.00573.83 – 3.83.0021
  • Bosch Video Recording Manager Exporter

    APP
    Bosch
    2.1 – 2.10.0008
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2019-11684CRITICAL9.9ten sam produkt

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitra...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2020-6770CRITICAL10.0ten sam produkt

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote...

CVE-2019-6958CRITICAL9.1ten sam produkt

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...

CVE-2019-6957CRITICAL9.8ten sam produkt

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and...

CVE-2021-23859 — CRITICAL 9.1 | CVEbaza.pl