CVE-2023-35867

Improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.

Configurations

Configuration 1

cpe:2.3:a:bosch:building_integration_system_video_engine:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:bosch:divar_ip_all-in-one_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_6000:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:bosch:divar_ip_all-in-one_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:bosch:divar_ip_all-in-one_7000_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_7000_r3:-:*:*:*:*:*:*:*

Configuration 11

cpe:2.3:a:bosch:intelligent_insights:*:*:*:*:*:*:*:*

Configuration 12

cpe:2.3:a:bosch:_onvif_camera_event_driver_tool:*:*:*:*:*:*:*:*

Configuration 13

cpe:2.3:a:bosch:project_assistant:*:*:*:*:*:*:*:*

Configuration 14

cpe:2.3:a:bosch:video_security_client:*:*:*:*:*:*:*:*

History

22 Dec 2023, 20:13

Type | Values Removed | Values Added
CWE | | NVD-CWE-Other
References | () https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html - | () https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html - Vendor Advisory
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 5.9
CPE | | (the entries listed below)
cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_all-in-one_6000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_all-in-one_7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:project_assistant:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:_onvif_camera_event_driver_tool:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:*
cpe:2.3:a:bosch:configuration_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_security_client:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:building_integration_system_video_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_7000_r3:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:divar_ip_all-in-one_7000_r3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-:*:*:*:*:*:*:*
cpe:2.3:a:bosch:intelligent_insights:*:*:*:*:*:*:*:*
cpe:2.3:h:bosch:divar_ip_all-in-one_6000:-:*:*:*:*:*:*:*

18 Dec 2023, 14:05

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-12-18 13:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-35867

Mitre link : CVE-2023-35867

CVE.ORG link : CVE-2023-35867


Products Affected

bosch

  • building_integration_system_video_engine
  • divar_ip_all-in-one_6000
  • divar_ip_7000_r2_firmware
  • divar_ip_7000_r2
  • _onvif_camera_event_driver_tool
  • divar_ip_all-in-one_4000_firmware
  • divar_ip_all-in-one_7000_r3_firmware
  • video_security_client
  • divar_ip_all-in-one_7000_firmware
  • divar_ip_all-in-one_6000_firmware
  • configuration_manager
  • divar_ip_all-in-one_7000
  • divar_ip_all-in-one_5000
  • divar_ip_all-in-one_5000_firmware
  • divar_ip_all-in-one_7000_r3
  • video_management_system_viewer
  • bosch_video_management_system
  • divar_ip_all-in-one_4000
  • project_assistant
  • intelligent_insights

CWE

NVD-CWE-Other

CWE-703: Improper Check or Handling of Exceptional Conditions