Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-6958
HistoryMay 29, 2019 - 7:29 p.m.

CVE-2019-6958

2019-05-2919:29:00
CWE-306
[email protected]
web.nvd.nist.gov
127
cve-2019-6958
bosch video management system
divar ip
configuration manager
building integration system
access professional edition
access easy controller
bosch video client
video sdk
cwe-284
improper access control
nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as “CWE-284: Improper Access Control.” This vulnerability, for example, allows a potential attacker to delete video or read video data.

Affected configurations

NVD
Node
boschaccess_professional_editionRange3.03.7
OR
boschbosch_video_clientRange<1.7.6.079
OR
boschbosch_video_management_systemRange9.0
OR
boschbuilding_integration_systemRange2.24.4
OR
boschbuilding_integration_systemMatch4.5
OR
boschbuilding_integration_systemMatch4.6
OR
boschbuilding_integration_systemMatch4.6.1
OR
boschconfiguration_managerRange<6.10
OR
boschvideo_sdkRange<6.32.0099
Node
boschdip_2000Match-
AND
boschdip_2000_firmwareRange<0380.037
Node
boschdip_3000_firmwareMatch-
AND
boschdip_3000Match-
Node
boschdip_5000_firmwareRange<038.037
AND
boschdip_5000Match-
Node
boschdip_7000_firmwareMatch-
AND
boschdip_7000Matchgen1
OR
boschdip_7000Matchgen2
Node
boschaccess_easy_controller_firmwareMatch2.1.8.5
OR
boschaccess_easy_controller_firmwareMatch2.1.9.0
OR
boschaccess_easy_controller_firmwareMatch2.1.9.1
OR
boschaccess_easy_controller_firmwareMatch2.1.9.3
AND
boschaccess_easy_controllerMatch-

Related

nvd 1
prion 1
cvelist 1
nvd
nvd
CVE-2019-6958
2019-05-29 19:29:00
prion
prion
Improper access control
2019-05-29 19:29:00
cvelist
cvelist
CVE-2019-6958 Improper Access Control for Bosch Video Systems, PSIM and Access Control Systems
2019-03-04 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.9%

JSON
Related for CVE-2019-6958
nvd1prion1cvelist1