Lucene search

[email protected]NVD:CVE-2019-6958

HistoryMay 29, 2019 - 7:29 p.m.

CVE-2019-6958

2019-05-2919:29:00

CWE-306

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as “CWE-284: Improper Access Control.” This vulnerability, for example, allows a potential attacker to delete video or read video data.

Affected configurations

Nvd

Node

boschaccess_professional_editionRange3.0–3.7

boschbosch_video_clientRange<1.7.6.079

boschbosch_video_management_systemRange≤9.0

boschbuilding_integration_systemRange2.2–4.4

boschbuilding_integration_systemMatch4.5

boschbuilding_integration_systemMatch4.6

boschbuilding_integration_systemMatch4.6.1

boschconfiguration_managerRange<6.10

boschvideo_sdkRange<6.32.0099

Node

boschdip_2000Match-

AND

boschdip_2000_firmwareRange<0380.037

Node

boschdip_3000_firmwareMatch-

AND

boschdip_3000Match-

Node

boschdip_5000_firmwareRange<038.037

AND

boschdip_5000Match-

Node

boschdip_7000_firmwareMatch-

AND

boschdip_7000Matchgen1

boschdip_7000Matchgen2

Node

boschaccess_easy_controller_firmwareMatch2.1.8.5

boschaccess_easy_controller_firmwareMatch2.1.9.0

boschaccess_easy_controller_firmwareMatch2.1.9.1

boschaccess_easy_controller_firmwareMatch2.1.9.3

AND

boschaccess_easy_controllerMatch-

VendorProductVersionCPE
boschaccess_professional_edition*cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:*
boschbosch_video_client*cpe:2.3:a:bosch:bosch_video_client:*:*:*:*:*:*:*:*
boschbosch_video_management_system*cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*
boschbuilding_integration_system*cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:*
boschbuilding_integration_system4.5cpe:2.3:a:bosch:building_integration_system:4.5:*:*:*:*:*:*:*
boschbuilding_integration_system4.6cpe:2.3:a:bosch:building_integration_system:4.6:*:*:*:*:*:*:*
boschbuilding_integration_system4.6.1cpe:2.3:a:bosch:building_integration_system:4.6.1:*:*:*:*:*:*:*
boschconfiguration_manager*cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:*
boschvideo_sdk*cpe:2.3:a:bosch:video_sdk:*:*:*:*:*:*:*:*
boschdip_2000-cpe:2.3:h:bosch:dip_2000:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bosch	access_professional_edition	*	cpe:2.3:a:bosch:access_professional_edition::::::::
bosch	bosch_video_client	*	cpe:2.3:a:bosch:bosch_video_client::::::::
bosch	bosch_video_management_system	*	cpe:2.3:a:bosch:bosch_video_management_system::::::::
bosch	building_integration_system	*	cpe:2.3:a:bosch:building_integration_system::::::::
bosch	building_integration_system	4.5	cpe:2.3:a:bosch:building_integration_system:4.5:::::::*
bosch	building_integration_system	4.6	cpe:2.3:a:bosch:building_integration_system:4.6:::::::*
bosch	building_integration_system	4.6.1	cpe:2.3:a:bosch:building_integration_system:4.6.1:::::::*
bosch	configuration_manager	*	cpe:2.3:a:bosch:configuration_manager::::::::
bosch	video_sdk	*	cpe:2.3:a:bosch:video_sdk::::::::
bosch	dip_2000	-	cpe:2.3:h:bosch:dip_2000:-:::::::*

Rows per page:

1-10 of 231

References

media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bt-cve-2019-6958_security_advisory_improper_access_control.pdf

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.3

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for NVD:CVE-2019-6958

cvelist1 cve1 prion1