CVE-2020-6767: Path Traversal in Bosch Video Management System (BVMS)
First published: Wed Jan 29 2020(Updated: )
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Video Management System Viewer | <=7.5 | |
| Bosch Video Management System Viewer | >=8.0<=8.0.329 | |
| Bosch Video Management System Viewer | >=9.0<=9.0.0.827 | |
| Bosch Video Management System Viewer | >=10.0<=10.0.0.1225 | |
| Bosch Video Management System | <=7.5 | |
| Bosch Video Management System | >=8.0<=8.0.0.329 | |
| Bosch Video Management System | >=9.0<=9.0.0.827 | |
| Bosch Video Management System | >=10.0<=10.0.0.1225 | |
| Bosch DIVAR IP 3000 | ||
| Bosch Divar Ip 7000 | ||
| Bosch DIVAR IP all-in-one 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this path traversal vulnerability?
The vulnerability ID for this path traversal vulnerability is CVE-2020-6767.
What is the affected software for this vulnerability?
The affected software for this vulnerability is the Bosch Video Management System (BVMS) FileTransferService.
How does this vulnerability impact the affected software?
This vulnerability allows an authenticated remote attacker to read arbitrary files from the Central Server.
What are the affected versions of the Bosch BVMS?
The affected versions of the Bosch BVMS are 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329, and 7.5 and older.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for this vulnerability is CWE-22.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability in the following references: [Link 1](https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-bt_cve-2020-6767_securityadvisory_bvms_pathtraversal.pdf) and [Link 2](https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.html).
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/bosch
- canonical/bosch video management system viewer
- version/bosch video management system viewer/7.5
- version/bosch video management system viewer/8.0
- version/bosch video management system viewer/8.0.329
- version/bosch video management system viewer/9.0
- version/bosch video management system viewer/9.0.0.827
- version/bosch video management system viewer/10.0
- version/bosch video management system viewer/10.0.0.1225
- canonical/bosch video management system
- version/bosch video management system/7.5
- version/bosch video management system/8.0
- version/bosch video management system/8.0.0.329
- version/bosch video management system/9.0
- version/bosch video management system/9.0.0.827
- version/bosch video management system/10.0
- version/bosch video management system/10.0.0.1225
- canonical/bosch divar ip 3000
- canonical/bosch divar ip 7000
- canonical/bosch divar ip all-in-one 5000