Improper Check or Handling of Exceptional Conditions in Robert Bosch products - CVE-2023-35867
Published: January 3, 2024
Vulnerability identifier: #VU84932
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-35867
CWE-ID: CWE-703
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Robert Bosch
Affected software:
Bosch BIS Video Engine
Bosch BVMS
Bosch BVMS Viewer
Bosch Configuration Manager
Bosch DIVAR IP 7000 R2
Bosch DIVAR IP all-in-one 4000
Bosch DIVAR IP all-in-one 5000
Bosch DIVAR IP all-in-one 6000
Bosch DIVAR IP all-in-one 7000
Bosch DIVAR IP all-in-one 7000 R3
Bosch Intelligent Insights
Bosch ONVIF Camera Event Driver Tool
Bosch Project Assistant
Bosch Video Security Client
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of malformed API answer packets sent to API clients. A remote attacker can replace an existing API server and cause a denial of service condition.
How to mitigate CVE-2023-35867
Install updates from the vendor's website.