CVE-2020-6768

🗓️ 07 Feb 2020 20:01:21Reported by boschType

Path traversal vulnerability in Bosch Video Management System (BVMS) NoTouch deployment allows remote attacker to read arbitrary files

Reporter	Title	Published	Views	Family All 6
CNVD	Bosch DIVAR IP 3000 Path Traversal Vulnerability	10 Feb 202000:00	–	cnvd
Cvelist	CVE-2020-6768 Path Traversal in Bosch Video Management System (BVMS)	7 Feb 202020:01	–	cvelist
EUVD	EUVD-2020-27915	7 Oct 202500:30	–	euvd
NVD	CVE-2020-6768	7 Feb 202021:15	–	nvd
OSV	CVE-2020-6768	7 Feb 202021:15	–	osv
Prion	Path traversal	7 Feb 202021:15	–	prion

NVD

Node

bosch video_management_system_viewerRange≤7.5

bosch video_management_system_viewerRange8.0–8.0.329

bosch video_management_system_viewerRange9.0–9.0.0.827

bosch video_management_system_viewerRange10.0–10.0.0.1225

Node

bosch video_management_systemRange≤7.5

bosch video_management_systemRange8.0–8.0.0.329

bosch video_management_systemRange9.0–9.0.0.827

bosch video_management_systemRange10.0–10.0.0.1225

AND

bosch divar_ip_3000Match-

Node

bosch video_management_systemRange≤7.5

bosch video_management_systemRange8.0–8.0.0.329

bosch video_management_systemRange9.0–9.0.0.827

bosch video_management_systemRange10.0–10.0.0.1225

AND

bosch divar_ip_7000Match-

Node

bosch video_management_systemRange≤7.5

bosch video_management_systemRange8.0–8.0.0.329

bosch video_management_systemRange9.0–9.0.0.827

bosch video_management_systemRange10.0–10.0.0.1225

AND

bosch divar_ip_all-in-one_5000Match-

[
  {
    "product": "DIVAR IP 3000",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "DIVAR IP 7000",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "DIVAR IP all-in-one 5000",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "product": "Bosch Video Management System",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThanOrEqual": "7.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "8.0.0.329",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.0.0.827",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.0.0.1225",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "BVMS Viewer",
    "vendor": "Bosch",
    "versions": [
      {
        "lessThanOrEqual": "7.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "8.0.0.329",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.0.0.827",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.0.0.1225",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html

21 Nov 2024 05:36Current

7.8High risk

Vulners AI Score7.8

CVSS 25

CVSS 3.17.5 - 8.6

EPSS0.01605

CWE-22