CVE-2023-35867
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bosch | BVMS | 0 <= 12.0.0 | affected |
| Bosch | BVMS Viewer | 0 <= 12.0.0 | affected |
| Bosch | Configuration Manager | 0 <= 7.62 | affected |
| Bosch | DIVAR IP 7000 R2 | 0 <= 12.0.0 | affected |
| Bosch | DIVAR IP all-in-one 5000 | 0 <= 12.0.0 | affected |
| Bosch | DIVAR IP all-in-one 7000 | 0 <= 12.0.0 | affected |
| Bosch | DIVAR IP all-in-one 7000 R3 | 0 <= 12.0.0 | affected |
| Bosch | DIVAR IP all-in-one 4000 | 0 <= 12.0.0 | affected |
| Bosch | DIVAR IP all-in-one 6000 | 0 <= 12.0.0 | affected |
| Bosch | Project Assistant | 0 <= 2.3 | affected |
| Bosch | Video Security Client | 0 <= 3.3.5 | affected |
| Bosch | BIS Video Engine | 0 <= 5.0.1 | affected |
| Bosch | Intelligent Insights | 0 <= 1.0.3.14 | affected |
| Bosch | ONVIF Camera Event Driver Tool | 0 <= 2.0.0.8 | affected |
Weaknesses
- CWE-703: CWE-703 Improper Check or Handling of Exceptional Conditions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.