CVE-2023-35867 - Vulnerability Details

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bosch	Onvif Camera Event Driver Tool Bosch Video Management System Building Integration System Video Engine Configuration Manager Divar Ip 7000 R2 Divar Ip 7000 R2 Firmware Divar Ip All-in-one 4000 Divar Ip All-in-one 4000 Firmware Divar Ip All-in-one 5000 Divar Ip All-in-one 5000 Firmware Divar Ip All-in-one 6000 Divar Ip All-in-one 6000 Firmware Divar Ip All-in-one 7000 Divar Ip All-in-one 7000 Firmware Divar Ip All-in-one 7000 R3 Divar Ip All-in-one 7000 R3 Firmware Intelligent Insights Project Assistant Video Management System Viewer Video Security Client

Configuration 1 [-]

cpe:2.3:a:bosch:building_integration_system_video_engine:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_6000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_7000_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_7000_r3:-:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:a:bosch:intelligent_insights:*:*:*:*:*:*:*:*

Configuration 12 [-]

cpe:2.3:a:bosch:_onvif_camera_event_driver_tool:*:*:*:*:*:*:*:*

Configuration 13 [-]

cpe:2.3:a:bosch:project_assistant:*:*:*:*:*:*:*:*

Configuration 14 [-]

cpe:2.3:a:bosch:video_security_client:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2023-12-18T12:59:48.604Z

Updated: 2024-08-02T16:30:45.391Z

Reserved: 2023-06-19T09:15:32.387Z

Link: CVE-2023-35867

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-18T13:15:07.010

Modified: 2024-11-21T08:08:51.793

Link: CVE-2023-35867

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object