CVE-2023-35867

🗓️ 18 Dec 2023 12:59:48Reported by boschType

Improper handling of malformed API packets in Bosch BT software allows unauthenticated DoS

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2023-35867	12 Jan 202409:36	–	circl
CNNVD	Selected Bosch Products Security Vulnerabilities	18 Dec 202300:00	–	cnnvd
CVE	CVE-2023-35867	18 Dec 202312:59	–	cve
EUVD	EUVD-2023-39860	3 Oct 202520:07	–	euvd
NVD	CVE-2023-35867	18 Dec 202313:15	–	nvd
OSV	CVE-2023-35867	18 Dec 202313:15	–	osv
Prion	Design/Logic Flaw	18 Dec 202313:15	–	prion

[
  {
    "vendor": "Bosch",
    "product": "BVMS",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "BVMS Viewer",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Configuration Manager",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.62"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP 7000 R2",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP all-in-one 5000",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP all-in-one 7000",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP all-in-one 7000 R3",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP all-in-one 4000",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "DIVAR IP all-in-one 6000",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "12.0.0"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Project Assistant",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "2.3"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Video Security Client",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "3.3.5"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "BIS Video Engine",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "5.0.1"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Intelligent Insights",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "1.0.3.14"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "ONVIF Camera Event Driver Tool",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "2.0.0.8"
      }
    ]
  }
]

Source	Link
psirt	www.psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html

18 Dec 2023 12:59Current

6Medium risk

Vulners AI Score6

CVSS 3.15.9

EPSS0.00083