CVE-2023-35867
First published: Mon Dec 18 2023(Updated: )
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Building Integration System Video Engine | <=5.0.1 | |
| Bosch Bosch Video Management System | <=12.0 | |
| Bosch Video Management System Viewer | <=12.0 | |
| Bosch Configuration Manager | <=7.62 | |
| All of | ||
| Bosch Divar Ip 7000 R2 Firmware | <=12.0 | |
| Bosch DIVAR IP 7000 R2 | ||
| All of | ||
| Bosch Divar Ip All-in-one 4000 Firmware | <=12.0 | |
| Bosch Divar Ip All-in-one 4000 | ||
| All of | ||
| Bosch Divar Ip All-in-one 5000 Firmware | <=12.0 | |
| Bosch DIVAR IP all-in-one 5000 | ||
| All of | ||
| Bosch Divar Ip All-in-one 6000 Firmware | <=12.0 | |
| Bosch Divar Ip All-in-one 6000 | ||
| All of | ||
| Bosch Divar Ip All-in-one 7000 Firmware | <=12.0 | |
| Bosch DIVAR IP all-in-one 7000 | ||
| All of | ||
| Bosch Divar Ip All-in-one 7000 R3 Firmware | <=12.0 | |
| Bosch Divar Ip All-in-one 7000 R3 | ||
| Bosch Intelligent Insights | <=1.0.3.14 | |
| Bosch Onvif Camera Event Driver Tool | <=2.0.0.8 | |
| Bosch Project Assistant | <=2.3 | |
| Bosch Video Security Client | <=3.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-api
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/event
- agent/description
- vendor/bosch
- canonical/bosch building integration system video engine
- version/bosch building integration system video engine/5.0.1
- canonical/bosch bosch video management system
- version/bosch bosch video management system/12.0
- canonical/bosch video management system viewer
- version/bosch video management system viewer/12.0
- canonical/bosch configuration manager
- version/bosch configuration manager/7.62
- canonical/bosch divar ip 7000 r2 firmware
- version/bosch divar ip 7000 r2 firmware/12.0
- canonical/bosch divar ip 7000 r2
- canonical/bosch divar ip all-in-one 4000 firmware
- version/bosch divar ip all-in-one 4000 firmware/12.0
- canonical/bosch divar ip all-in-one 4000
- canonical/bosch divar ip all-in-one 5000 firmware
- version/bosch divar ip all-in-one 5000 firmware/12.0
- canonical/bosch divar ip all-in-one 5000
- canonical/bosch divar ip all-in-one 6000 firmware
- version/bosch divar ip all-in-one 6000 firmware/12.0
- canonical/bosch divar ip all-in-one 6000
- canonical/bosch divar ip all-in-one 7000 firmware
- version/bosch divar ip all-in-one 7000 firmware/12.0
- canonical/bosch divar ip all-in-one 7000
- canonical/bosch divar ip all-in-one 7000 r3 firmware
- version/bosch divar ip all-in-one 7000 r3 firmware/12.0
- canonical/bosch divar ip all-in-one 7000 r3
- canonical/bosch intelligent insights
- version/bosch intelligent insights/1.0.3.14
- canonical/bosch onvif camera event driver tool
- version/bosch onvif camera event driver tool/2.0.0.8
- canonical/bosch project assistant
- version/bosch project assistant/2.3
- canonical/bosch video security client
- version/bosch video security client/3.3.5