Description
Improper handling of malformed API answer packets sent to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Bosch / BIS Video Engine: 0 – 5.0.1
- Bosch / BVMS: 0 – 12.0.0
- Bosch / BVMS Viewer: 0 – 12.0.0
- Bosch / Configuration Manager: 0 – 7.62
- Bosch / DIVAR IP 7000 R2: 0 – 12.0.0
- Bosch / DIVAR IP all-in-one 4000: 0 – 12.0.0
- Bosch / DIVAR IP all-in-one 5000: 0 – 12.0.0
- Bosch / DIVAR IP all-in-one 6000: 0 – 12.0.0
- Bosch / DIVAR IP all-in-one 7000: 0 – 12.0.0
- Bosch / DIVAR IP all-in-one 7000 R3: 0 – 12.0.0
- Bosch / Intelligent Insights: 0 – 1.0.3.14
- Bosch / ONVIF Camera Event Driver Tool: 0 – 2.0.0.8
- Bosch / Project Assistant: 0 – 2.3
- Bosch / Video Security Client: 0 – 3.3.5