CVE-2023-28175

Summary

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

Affected Software

VendorProductVersion RangeStatus
BoschBVMS7.5 <= 11.1.1affected
BoschBVMS Viewer7.5 <= 11.1.1affected
BoschBosch DIVAR IP 30007.5 <= 8.0affected
BoschBosch DIVAR IP 7000 R17.5 <= 8.0affected
BoschBosch DIVAR IP 7000 R27.5 <= 11.1.1affected
BoschBosch DIVAR IP all-in-one 7000 R310.1.1 <= 11.1.1affected
BoschBosch DIVAR IP all-in-one 50009.0 <= 11.1.1affected
BoschBosch DIVAR IP all-in-one 70009.0 <= 11.1.1affected
BoschDIVAR IP all-in-one 400011.1.1affected
BoschDIVAR IP all-in-one 600011.1.1affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References