HIGH🇬🇧 English

CVE-2023-28175

CVSS 7.1v3.1pub. 2023-06-15upd. 2024-11-21

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
  • Bosch Divar Ip 3000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 3000 Firmware

    OS
    Bosch
    7.5 – 8.0
  • Bosch Divar Ip 4000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 4000 Firmware

    OS
    Bosch
    11.1.1
  • Bosch Divar Ip 5000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 5000 Firmware

    OS
    Bosch
    9.0 – 11.1.1
  • Bosch Divar Ip 6000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 6000 Firmware

    OS
    Bosch
    11.1.1
  • Bosch Divar Ip 7000

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000 Firmware

    OS
    Bosch
    7.5 – 8.0
  • Bosch Divar Ip 7000 R2

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000 R2 Firmware

    OS
    Bosch
    7.5 – 11.1.1
  • Bosch Divar Ip 7000 R3

    HW
    Bosch
    wszystkie wersje
  • Bosch Divar Ip 7000 R3 Firmware

    OS
    Bosch
    10.1.1 – 11.1.1
  • Bosch Video Management System

    APP
    Bosch
    7.5 – 11.1.1
  • Bosch Video Management System Viewer

    APP
    Bosch
    7.5 – 11.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-23859CRITICAL9.1ten sam produkt

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of...

CVE-2019-11684CRITICAL9.9ten sam produkt

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitra...

CVE-2020-6769CRITICAL10.0ten sam produkt

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthentica...

CVE-2020-6770CRITICAL10.0ten sam produkt

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote...

CVE-2021-23862HIGH7.2ten sam produkt

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary c...

CVE-2023-28175 — HIGH 7.1 | CVEbaza.pl