Lucene search

[email protected]CVE-2019-6957

HistoryMay 29, 2019 - 7:29 p.m.

CVE-2019-6957

2019-05-2919:29:00

CWE-787

[email protected]

web.nvd.nist.gov

126

cve-2019-6957

bosch

video management system

divar ip

vrm

vsg

security vulnerability

unauthorized code execution

nvd

vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

CPENameOperatorVersion
bosch:video_recording_managerbosch video recording managerlt3.71.0032
bosch:bosch_video_management_systembosch bosch video management systemle9.0
bosch:access_professional_editionbosch access professional editionle3.7
bosch:building_integration_systembosch building integration systemle4.4
bosch:building_integration_systembosch building integration systemeq4.5
bosch:building_integration_systembosch building integration systemeq4.6
bosch:building_integration_systembosch building integration systemeq4.6.1
bosch:bosch_video_clientbosch bosch video clientlt1.7.6.079
bosch:video_sdkbosch video sdklt6.32.0099
bosch:configuration_managerbosch configuration managerlt6.10

CPE	Name	Operator	Version
bosch:video_recording_manager	bosch video recording manager	lt	3.71.0032
bosch:bosch_video_management_system	bosch bosch video management system	le	9.0
bosch:access_professional_edition	bosch access professional edition	le	3.7
bosch:building_integration_system	bosch building integration system	le	4.4
bosch:building_integration_system	bosch building integration system	eq	4.5
bosch:building_integration_system	bosch building integration system	eq	4.6
bosch:building_integration_system	bosch building integration system	eq	4.6.1
bosch:bosch_video_client	bosch bosch video client	lt	1.7.6.079
bosch:video_sdk	bosch video sdk	lt	6.32.0099
bosch:configuration_manager	bosch configuration manager	lt	6.10

Rows per page:

1-10 of 211

References

media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2019-6957

prion1 cvelist1