CVE-2021-23861

{"id": "CVE-2021-23861", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2021-12-08T22:15:08.543", "references": [{"url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html", "tags": ["Vendor Advisory"], "source": "psirt@bosch.com"}, {"url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-489"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."}, {"lang": "es", "value": "Al ejecutar un comando especial, un usuario con derechos administrativos puede conseguir acceso a la funcionalidad extended debug en el VRM permitiendo un impacto en la integridad o disponibilidad del software instalado. Este problema tambi\u00e9n afecta a las instalaciones de DIVAR IP y BVMS con VRM instalado"}], "lastModified": "2024-11-21T05:51:58.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B9DD276-15C0-4942-8899-553F7C190320", "versionEndIncluding": "9.0"}, {"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "989D5F9A-D223-4070-82AE-FA79E8B2572C", "versionEndExcluding": "10.0.2", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57FA3EF2-6A7C-46FD-A758-92045A3A2DEE"}, {"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FF22168-E2A2-47B8-B9BC-104FF1CFDF30"}, {"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D54B21E5-8C3E-423F-8E49-9F05B41D540B", "versionEndIncluding": "3.81"}, {"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31D1E38A-C0F8-421B-B837-3D2FBD132A18", "versionEndIncluding": "3.82.0057", "versionStartIncluding": "3.82"}, {"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7171D63A-3A1A-4235-9317-009D7C85A93C", "versionEndIncluding": "3.83.0021", "versionStartIncluding": "3.83"}, {"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31572EBA-C58A-46E8-88EA-ADE04578E039", "versionEndIncluding": "4.00.0070", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bosch:divar_ip_5000_firmware:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2C1615D-2E5F-4D49-B937-05C81AB5414C"}, {"criteria": "cpe:2.3:o:bosch:divar_ip_7000_firmware:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CCD42BE-E4B7-43FC-95FB-C97704E5C268"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}