CVE-2020-6767
Published Feb 6, 2020
Last updated 5 years ago
Overview
- Description
- A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
- Source
- psirt@bosch.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD1A5F0B-745B-4C16-A3BE-B804B4891C1D",
"versionEndIncluding": "7.5"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26A9728E-37DF-49E5-8B0C-87765A4F640A",
"versionEndIncluding": "8.0.329",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88C3F240-8245-400A-BC27-13C0203927BF",
"versionEndIncluding": "9.0.0.827",
"versionStartIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81125C8F-8107-4FB0-8A1F-6D81B9B82879",
"versionEndIncluding": "10.0.0.1225",
"versionStartIncluding": "10.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F7EE760B-9B65-49A3-92E5-93880C58A628"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF8A7253-EB35-44B5-8C74-8DD92063CBA3",
"versionEndIncluding": "7.5"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90BED11C-CC91-428F-BD88-2CA839B5B956",
"versionEndIncluding": "8.0.0.329",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7822BE18-F886-4A05-9427-563FCD8475E1",
"versionEndIncluding": "9.0.0.827",
"versionStartIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88BAFAD8-9D6F-46E1-8776-8F75F440E5A3",
"versionEndIncluding": "10.0.0.1225",
"versionStartIncluding": "10.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "10D23E90-110B-4ADC-8417-CD0149D126D2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF8A7253-EB35-44B5-8C74-8DD92063CBA3",
"versionEndIncluding": "7.5"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90BED11C-CC91-428F-BD88-2CA839B5B956",
"versionEndIncluding": "8.0.0.329",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7822BE18-F886-4A05-9427-563FCD8475E1",
"versionEndIncluding": "9.0.0.827",
"versionStartIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88BAFAD8-9D6F-46E1-8776-8F75F440E5A3",
"versionEndIncluding": "10.0.0.1225",
"versionStartIncluding": "10.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7075A014-A297-4E41-81D8-2535BC2BD4E9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF8A7253-EB35-44B5-8C74-8DD92063CBA3",
"versionEndIncluding": "7.5"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90BED11C-CC91-428F-BD88-2CA839B5B956",
"versionEndIncluding": "8.0.0.329",
"versionStartIncluding": "8.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7822BE18-F886-4A05-9427-563FCD8475E1",
"versionEndIncluding": "9.0.0.827",
"versionStartIncluding": "9.0"
},
{
"criteria": "cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88BAFAD8-9D6F-46E1-8776-8F75F440E5A3",
"versionEndIncluding": "10.0.0.1225",
"versionStartIncluding": "10.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]