CVE-2023-35867 - OpenCVE

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Bosch	Building Integration System Video Engine Divar Ip All-in-one 7000 R3 Firmware Divar Ip All-in-one 5000 Firmware Project Assistant Divar Ip 7000 R2 Divar Ip All-in-one 6000 Divar Ip All-in-one 4000 Video Security Client Divar Ip All-in-one 7000 Configuration Manager Divar Ip All-in-one 6000 Firmware Divar Ip All-in-one 7000 R3 Divar Ip All-in-one 4000 Firmware Intelligent Insights Divar Ip All-in-one 7000 Firmware Bosch Video Management System Divar Ip 7000 R2 Firmware Video Management System Viewer Divar Ip All-in-one 5000 Onvif Camera Event Driver Tool

Configuration 1 [-]

cpe:2.3:a:bosch:building_integration_system_video_engine:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_6000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_6000:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:bosch:divar_ip_all-in-one_7000_r3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:divar_ip_all-in-one_7000_r3:-:*:*:*:*:*:*:*

Configuration 11 [-]

cpe:2.3:a:bosch:intelligent_insights:*:*:*:*:*:*:*:*

Configuration 12 [-]

cpe:2.3:a:bosch:_onvif_camera_event_driver_tool:*:*:*:*:*:*:*:*

Configuration 13 [-]

cpe:2.3:a:bosch:project_assistant:*:*:*:*:*:*:*:*

Configuration 14 [-]

cpe:2.3:a:bosch:video_security_client:*:*:*:*:*:*:*:*

References

Link	Resource
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: bosch

Published: 2023-12-18T12:59:48.604Z

Updated: 2023-12-18T12:59:48.604Z

Reserved: 2023-06-19T09:15:32.387Z

Link: CVE-2023-35867

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-18T13:15:07.010

Modified: 2023-12-22T20:13:40.507

Link: CVE-2023-35867

JSON object: View

Redhat Information

No data.

CWE