CVE-2021-23862: Authenticated Remote Code Execution
First published: Wed Dec 08 2021(Updated: )
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Bosch Video Management System | <=9.0 | |
| Bosch Bosch Video Management System | >=10.0<10.0.2 | |
| Bosch Bosch Video Management System | =10.1 | |
| Bosch Bosch Video Management System | =11.0 | |
| Bosch Video Recording Manager | <=3.81 | |
| Bosch Video Recording Manager | >=3.82<=3.82.0057 | |
| Bosch Video Recording Manager | >=3.83<=3.83.0021 | |
| Bosch Video Recording Manager | >=4.0<=4.00.0070 | |
| Bosch Divar Ip 5000 Firmware | ||
| Bosch Divar Ip 7000 Firmware | ||
| Bosch Videojet Decoder 7513 Firmware | <=10.22.0038 | |
| Bosch Videojet Decoder 7513 | ||
| Bosch Videojet Decoder 8000 Firmware | <=10.01.0036 | |
| Bosch Videojet Decoder 8000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-23862?
CVE-2021-23862 is a vulnerability that allows an authenticated administrative user to execute arbitrary commands in system context by sending a crafted configuration packet.
Which systems are affected by CVE-2021-23862?
CVE-2021-23862 affects installations of Bosch Video Management System (versions up to 10.0.2), Bosch Video Recording Manager (versions up to 4.00.0070), and VIDEOJET decoder (VJD-7513 and VJD-8000).
What is the severity of CVE-2021-23862?
CVE-2021-23862 has a severity rating of 7.2, which is considered critical.
How can I fix CVE-2021-23862?
To fix CVE-2021-23862, upgrade to a version of Bosch Video Management System, Bosch Video Recording Manager, or VIDEOJET decoder that is not vulnerable. Refer to the vendor's security advisory for more information.
Where can I find more information about CVE-2021-23862?
You can find more information about CVE-2021-23862 in Bosch's security advisory at the following URL: https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/bosch
- canonical/bosch bosch video management system
- version/bosch bosch video management system/9.0
- version/bosch bosch video management system/10.0
- version/bosch bosch video management system/10.1
- version/bosch bosch video management system/11.0
- canonical/bosch video recording manager
- version/bosch video recording manager/3.81
- version/bosch video recording manager/3.82
- version/bosch video recording manager/3.82.0057
- version/bosch video recording manager/3.83
- version/bosch video recording manager/3.83.0021
- version/bosch video recording manager/4.0
- version/bosch video recording manager/4.00.0070
- canonical/bosch divar ip 5000 firmware
- canonical/bosch divar ip 7000 firmware
- canonical/bosch videojet decoder 7513 firmware
- version/bosch videojet decoder 7513 firmware/10.22.0038
- canonical/bosch videojet decoder 7513
- canonical/bosch videojet decoder 8000 firmware
- version/bosch videojet decoder 8000 firmware/10.01.0036
- canonical/bosch videojet decoder 8000