Lucene search

[email protected]CVE-2018-19036

HistoryDec 17, 2018 - 7:29 p.m.

CVE-2018-19036

2018-12-1719:29:00

CWE-119

[email protected]

web.nvd.nist.gov

bosch

ip cameras

firmware

security vulnerability

code execution

network vulnerability

cve-2018-19036

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

Affected configurations

NVD

Node

boschcommon_product_platform_4_firmwareRange6.32≥

AND

boschautodome_ip_4000_hdMatch-

boschautodome_ip_5000_hdMatch-

boschautodome_ip_5000_irMatch-

boschautodome_ip_7000Match-

boschdinion_hd_1080pMatch-

boschdinion_hd_1080p_hdrMatch-

boschdinion_hd_720pMatch-

boschdinion_imager_9000_hdMatch-

boschdinion_ip_4000_hdMatch-

boschdinion_ip_5000_hdMatch-

boschdinion_ip_5000_mpMatch-

boschdinion_ip_bullet_4000Match-

boschdinion_ip_bullet_5000Match-

boschdinion_ip_starlight_7000_hdMatch-

boschextegra_ip_dynamic_9000Match-

boschextegra_ip_starlight_9000Match-

boschflexidome_corner_9000_mpMatch-

boschflexidome_hd_1080pMatch-

boschflexidome_hd_1080p_hdrMatch-

boschflexidome_hd_720pMatch-

boschflexidome_ip_indoor_4000_hdMatch-

boschflexidome_ip_indoor_4000_irMatch-

boschflexidome_ip_indoor_5000_hdMatch-

boschflexidome_ip_indoor_5000_mpMatch-

boschflexidome_ip_micro_2000_hdMatch-

boschflexidome_ip_micro_2000_ipMatch-

boschflexidome_ip_micro_5000_hdMatch-

boschflexidome_ip_micro_5000_mpMatch-

boschflexidome_ip_outdoor_4000_hdMatch-

boschflexidome_ip_outdoor_4000_irMatch-

boschflexidome_ip_outdoor_5000_hdMatch-

boschflexidome_ip_outdoor_5000_mpMatch-

boschflexidome_ip_panormic_5000Match-

boschip_2000Match-

boschip_2000_hdMatch-

boschip_bullet_4000_hdMatch-

boschip_bullet_5000_hdMatch-

boschmic_ip_dynamic_7000Match-

boschmic_ip_starlight_7000Match-

boschtinyon_ip_2000Match-

boschvandal-proof_flexidome_hd_1080pMatch-

boschvandal-proof_flexidome_hd_1080p_hdrMatch-

boschvandal-proof_flexidome_hd_720pMatch-

Node

boschcommon_product_platform_6_firmwareRange6.32≥

AND

boschaviotec_ip_starlight_8000Match-

boschdinion_ip_starlight_8000_12mpMatch-

boschdinion_ip_ultra_8000_12mpMatch-

boschflexidome_ip_panoramic_6000_12mp_180Match-

boschflexidome_ip_panoramic_6000_12mp_180_ivaMatch-

boschflexidome_ip_panoramic_6000_12mp_360Match-

boschflexidome_ip_panoramic_6000_12mp_360_ivaMatch-

boschflexidome_ip_panoramic_7000_12mp_180Match-

boschflexidome_ip_panoramic_7000_12mp_180_ivaMatch-

boschflexidome_ip_panoramic_7000_12mp_360Match-

boschflexidome_ip_panoramic_7000_12mp_360_ivaMatch-

Node

boschcommon_product_platform_7_firmwareRange6.32≥

AND

boschdinion_ip_starlight_6000Match-

boschdinion_ip_starlight_7000Match-

boschdinion_ip_thermal_8000Match-

boschflexidome_ip_starlight_6000Match-

boschflexidome_ip_starlight_7000Match-

Node

boschcommon_product_platform_7.3_firmwareRange6.32≥

AND

boschautodome_ip_4000iMatch-

boschautodome_ip_5000iMatch-

boschautodome_ip_starlight_5000iMatch-

boschautodome_ip_starlight_7000iMatch-

boschdinion_ip_bullet_4000iMatch-

boschdinion_ip_bullet_5000iMatch-

boschdinion_ip_bullet_6000iMatch-

boschflexidome_ip_4000iMatch-

boschflexidome_ip_5000iMatch-

boschmic_ip_fusion_9000iMatch-

boschmic_ip_starlight_7000iMatch-

CPENameOperatorVersion
bosch:common_product_platform_4_firmwarebosch common product platform 4 firmwareeq*

CPE	Name	Operator	Version
bosch:common_product_platform_4_firmware	bosch common product platform 4 firmware	eq	*

References

media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2018-19036

prion1 cvelist1 nvd1