CVE Vulnerabilities

CVE-2021-23859

Improper Handling of Exceptional Conditions

Published: Dec 08, 2021 | Modified: Dec 14, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

Weakness

The product does not handle or incorrectly handles an exceptional condition.

Affected Software

Name Vendor Start Version End Version
Bosch_video_management_system Bosch * 9.0
Bosch_video_management_system Bosch 10.0 *
Bosch_video_management_system Bosch 10.1 10.1
Bosch_video_management_system Bosch 11.0 11.0
Video_recording_manager Bosch * 3.81
Video_recording_manager Bosch 3.82 3.82.0057
Video_recording_manager Bosch 3.83 3.83.0021
Video_recording_manager Bosch 4.0 4.00.0070

References