CVE-2023-35867

Summary

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

Affected Software

VendorProductVersion RangeStatus
BoschBVMS0 <= 12.0.0affected
BoschBVMS Viewer0 <= 12.0.0affected
BoschConfiguration Manager0 <= 7.62affected
BoschDIVAR IP 7000 R20 <= 12.0.0affected
BoschDIVAR IP all-in-one 50000 <= 12.0.0affected
BoschDIVAR IP all-in-one 70000 <= 12.0.0affected
BoschDIVAR IP all-in-one 7000 R30 <= 12.0.0affected
BoschDIVAR IP all-in-one 40000 <= 12.0.0affected
BoschDIVAR IP all-in-one 60000 <= 12.0.0affected
BoschProject Assistant0 <= 2.3affected
BoschVideo Security Client0 <= 3.3.5affected
BoschBIS Video Engine0 <= 5.0.1affected
BoschIntelligent Insights0 <= 1.0.3.14affected
BoschONVIF Camera Event Driver Tool0 <= 2.0.0.8affected

Weaknesses

  • CWE-703: CWE-703 Improper Check or Handling of Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References