Published: 26/02/2021 Updated: 21/07/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bosch video recording manager
bosch divar_ip_5000_firmware
bosch video management system 3.70.0056
bosch video management system 3.70.0058
bosch video management system 3.70.0060
bosch video management system 3.70.0062
bosch video management system 3.71.0022
bosch video management system 3.71.0029
bosch video management system 3.71.0031
bosch video management system 3.71.0032
bosch video management system 3.81.0032
bosch video management system 3.81.0038
bosch video management system 3.81.0048

CWE-306 https://psirt.bosch.com/security-advisories/bosch-sa-804652.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11684

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect