CVE-2021-23861
6.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bosch | BVMS | unspecified <= 9.0.0 | affected |
| Bosch | BVMS | 11.0 < 11.0.0 | affected |
| Bosch | BVMS | 10.0 < 10.0.2 | affected |
| Bosch | BVMS | 10.1 < 10.1.1 | affected |
| Bosch | DIVAR IP 7000 R2 | all | affected |
| Bosch | DIVAR IP all-in-one 5000 | all | affected |
| Bosch | DIVAR IP all-in-one 7000 | all | affected |
| Bosch | VRM | unspecified <= 3.81 | affected |
| Bosch | VRM | 4.0 <= 4.00.0070 | affected |
| Bosch | VRM | 3.83 <= 3.83.0021 | affected |
| Bosch | VRM | 3.82 <= 3.82.0057 | affected |
Weaknesses
- CWE-489: CWE-489 Active Debug Code
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.