CVE-2019-6957 — CRITICAL (9.8)

Q: How severe is CVE-2019-6957?

CVE-2019-6957 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-6957?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Access Professional Edition, Bosch Bosch Video Client, Bosch Bosch Video Management System, Bosch Building Integration System, Bosch Configuration Manager.

Vulnerability Description

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosch	Access Professional Edition	>= 3.0, <= 3.7
Bosch	Bosch Video Client	< 1.7.6.079
Bosch	Bosch Video Management System	<= 9.0
Bosch	Building Integration System	>= 2.2, <= 4.4
Bosch	Configuration Manager	< 6.10
Bosch	Video Recording Manager	< 3.71.0032
Bosch	Video Sdk	< 6.32.0099
Bosch	Video Streaming Gateway	< 6.43.0023
Bosch	Dip 2000 Firmware	< 0380.037
Bosch	Dip 2000	-
Bosch	Dip 3000 Firmware	-
Bosch	Dip 3000	-
Bosch	Dip 5000 Firmware	< 038.037
Bosch	Dip 5000	-
Bosch	Dip 7000 Firmware	-
Bosch	Dip 7000	gen1
Bosch	Access Easy Controller Firmware	2.1.8.5
Bosch	Access Easy Controller	-

Related Weaknesses (CWE)

CWE-787

References

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bVendor Advisory
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bVendor Advisory

FAQ

What is CVE-2019-6957?

CVE-2019-6957 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming...

How severe is CVE-2019-6957?

CVE-2019-6957 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-6957?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Access Professional Edition, Bosch Bosch Video Client, Bosch Bosch Video Management System, Bosch Building Integration System, Bosch Configuration Manager.