CVE-2023-28175: Infoleak
First published: Thu Jun 15 2023(Updated: )
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Video Management System | >=7.5<=11.1.1 | |
| Bosch Video Management System Viewer | >=7.5<=11.1.1 | |
| Bosch Divar Ip 4000 | ||
| Bosch DIVAR IP 5000 | ||
| Bosch Divar Ip 6000 | ||
| Bosch Divar Ip 7000 | ||
| Bosch DIVAR IP 7000 R2 | ||
| Bosch Divar Ip 7000 R3 | ||
| Bosch Divar Ip 3000 Firmware | >=7.5<=8.0 | |
| Bosch DIVAR IP 3000 | ||
| Bosch Divar Ip 6000 Firmware | =11.1.1 | |
| Bosch Divar Ip 4000 Firmware | =11.1.1 | |
| Bosch Divar Ip 5000 Firmware | >=9.0<=11.1.1 | |
| Bosch Divar Ip 7000 R2 Firmware | >=7.5<=11.1.1 | |
| Bosch Divar Ip 7000 Firmware | >=7.5<=8.0 | |
| Bosch Divar Ip 7000 R3 Firmware | >=10.1.1<=11.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security flaw?
The vulnerability ID is CVE-2023-28175.
What is the severity level of CVE-2023-28175?
CVE-2023-28175 has a severity level of 7.7 (high).
What is the affected software?
The affected software includes Bosch Video Management System versions 11.0, 11.1.0, and 11.1.1, and Bosch Video Management System Viewer versions 11.0, 11.1.0, and 11.1.1.
What can a remote authenticated user do through this vulnerability?
A remote authenticated user can access resources within the trusted internal network via a port forwarding request.
Where can I find more information about this vulnerability?
More information about CVE-2023-28175 can be found at the following link: [Bosch Security Advisory](https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html).
- collector/nvd-index
- vendor/bosch
- canonical/bosch video management system
- version/bosch video management system/7.5
- version/bosch video management system/11.1.1
- canonical/bosch video management system viewer
- version/bosch video management system viewer/7.5
- version/bosch video management system viewer/11.1.1
- canonical/bosch divar ip 4000
- canonical/bosch divar ip 5000
- canonical/bosch divar ip 6000
- canonical/bosch divar ip 7000
- canonical/bosch divar ip 7000 r2
- canonical/bosch divar ip 7000 r3
- canonical/bosch divar ip 3000 firmware
- version/bosch divar ip 3000 firmware/7.5
- version/bosch divar ip 3000 firmware/8.0
- canonical/bosch divar ip 3000
- canonical/bosch divar ip 6000 firmware
- version/bosch divar ip 6000 firmware/11.1.1
- canonical/bosch divar ip 4000 firmware
- version/bosch divar ip 4000 firmware/11.1.1
- canonical/bosch divar ip 5000 firmware
- version/bosch divar ip 5000 firmware/9.0
- version/bosch divar ip 5000 firmware/11.1.1
- canonical/bosch divar ip 7000 r2 firmware
- version/bosch divar ip 7000 r2 firmware/7.5
- version/bosch divar ip 7000 r2 firmware/11.1.1
- canonical/bosch divar ip 7000 firmware
- version/bosch divar ip 7000 firmware/7.5
- version/bosch divar ip 7000 firmware/8.0
- canonical/bosch divar ip 7000 r3 firmware
- version/bosch divar ip 7000 r3 firmware/10.1.1
- version/bosch divar ip 7000 r3 firmware/11.1.1