Description
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: Low
- Availability: None
Affected products
- Bosch / Bosch DIVAR IP 3000: 7.5 – 8.0
- Bosch / Bosch DIVAR IP 7000 R1: 7.5 – 8.0
- Bosch / Bosch DIVAR IP 7000 R2: 7.5 – 11.1.1
- Bosch / Bosch DIVAR IP all-in-one 5000: 9.0 – 11.1.1
- Bosch / Bosch DIVAR IP all-in-one 7000: 9.0 – 11.1.1
- Bosch / Bosch DIVAR IP all-in-one 7000 R3: 10.1.1 – 11.1.1
- Bosch / BVMS: 7.5 – 11.1.1
- Bosch / BVMS Viewer: 7.5 – 11.1.1
- Bosch / DIVAR IP all-in-one 4000: 11.1.1 – 11.1.1
- Bosch / DIVAR IP all-in-one 6000: 11.1.1 – 11.1.1