CVE-2020-6769: Missing Authentication for Critical Function in Bosch Video Streaming Gateway
First published: Fri Feb 07 2020(Updated: )
Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Video Streaming Gateway | <=6.42.10 | |
| Bosch Video Streaming Gateway | >=6.43<=6.43.0023 | |
| Bosch Video Streaming Gateway | >=6.44<=6.44.022 | |
| Bosch Video Streaming Gateway | >=6.45<=6.45.08 | |
| Bosch Divar Ip 2000 Firmware | <=3.62.0019 | |
| Bosch DIVAR IP 2000 | ||
| Bosch Divar Ip 5000 Firmware | <=3.80.0039 | |
| Bosch DIVAR IP 5000 | ||
| Bosch DIVAR IP 3000 | ||
| Bosch Divar Ip 7000 | ||
| Bosch DIVAR IP all-in-one 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-6769?
The severity of CVE-2020-6769 is critical with a CVSS score of 9.1.
How does CVE-2020-6769 impact the confidentiality and availability?
CVE-2020-6769 can impact the confidentiality and availability of live and recorded video data.
Which software versions of Bosch Video Streaming Gateway are affected by CVE-2020-6769?
Software versions up to 6.42.10, 6.43.0023, 6.44.022, and 6.45.08 of Bosch Video Streaming Gateway are affected by CVE-2020-6769.
How can an unauthenticated remote attacker exploit CVE-2020-6769?
An unauthenticated remote attacker can exploit CVE-2020-6769 to retrieve and set arbitrary configuration data of the Video Streaming Gateway.
Is the Bosch DIVAR IP 2000 vulnerable to CVE-2020-6769?
No, the Bosch DIVAR IP 2000 is not vulnerable to CVE-2020-6769.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/remedy
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/bosch
- canonical/bosch video streaming gateway
- version/bosch video streaming gateway/6.42.10
- version/bosch video streaming gateway/6.43
- version/bosch video streaming gateway/6.43.0023
- version/bosch video streaming gateway/6.44
- version/bosch video streaming gateway/6.44.022
- version/bosch video streaming gateway/6.45
- version/bosch video streaming gateway/6.45.08
- canonical/bosch divar ip 2000 firmware
- version/bosch divar ip 2000 firmware/3.62.0019
- canonical/bosch divar ip 2000
- canonical/bosch divar ip 5000 firmware
- version/bosch divar ip 5000 firmware/3.80.0039
- canonical/bosch divar ip 5000
- canonical/bosch divar ip 3000
- canonical/bosch divar ip 7000
- canonical/bosch divar ip all-in-one 5000