CVE-2023-28175 - Vulnerability Details

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Bosch	Divar Ip 3000 Divar Ip 3000 Firmware Divar Ip 4000 Divar Ip 4000 Firmware Divar Ip 5000 Divar Ip 5000 Firmware Divar Ip 6000 Divar Ip 6000 Firmware Divar Ip 7000 Divar Ip 7000 Firmware Divar Ip 7000 R2 Divar Ip 7000 R2 Firmware Divar Ip 7000 R3 Divar Ip 7000 R3 Firmware Video Management System Video Management System Viewer

Configuration 1 [-]

AND

OR	cpe:2.3:a:bosch:video_management_system::::::::
	cpe:2.3:a:bosch:video_management_system_viewer::::::::

OR	cpe:2.3:h:bosch:divar_ip_4000:-:::::::*
	cpe:2.3:h:bosch:divar_ip_5000:-:::::::*
	cpe:2.3:h:bosch:divar_ip_6000:-:::::::*
	cpe:2.3:h:bosch:divar_ip_7000:-:::::::*
	cpe:2.3:h:bosch:divar_ip_7000_r2:-:::::::*
	cpe:2.3:h:bosch:divar_ip_7000_r3:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bosch:divar_ip_6000_firmware:11.1.1:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bosch:divar_ip_4000_firmware:11.1.1:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:bosch:divar_ip_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:bosch:divar_ip_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:bosch:divar_ip_7000_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html

History

Tue, 17 Dec 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-06-15T10:14:34.076Z

Updated: 2024-12-17T20:51:14.639Z

Reserved: 2023-03-13T15:46:37.814Z

Link: CVE-2023-28175

Vulnrichment

Updated: 2024-08-02T12:30:24.180Z

NVD

Status : Modified

Published: 2023-06-15T11:15:09.227

Modified: 2024-11-21T07:54:32.270

Link: CVE-2023-28175

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object