Improper Check or Handling of Exceptional Conditions in Robert Bosch products - CVE-2023-35867
Published: January 3, 2024
Vulnerability identifier: #VU84932
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-35867
CWE-ID: CWE-703
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Bosch BIS Video Engine
Bosch BVMS
Bosch BVMS Viewer
Bosch Configuration Manager
Bosch DIVAR IP 7000 R2
Bosch DIVAR IP all-in-one 4000
Bosch DIVAR IP all-in-one 5000
Bosch DIVAR IP all-in-one 6000
Bosch DIVAR IP all-in-one 7000
Bosch DIVAR IP all-in-one 7000 R3
Bosch Intelligent Insights
Bosch ONVIF Camera Event Driver Tool
Bosch Project Assistant
Bosch Video Security Client
Software vendor:
Robert Bosch
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of malformed API answer packets sent to API clients. A remote attacker can replace an existing API server and cause a denial of service condition.
Remediation
Install updates from the vendor's website.