CVE-2019-6958 — CRITICAL (9.1)

Q: How severe is CVE-2019-6958?

CVE-2019-6958 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-6958?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Access Professional Edition, Bosch Bosch Video Client, Bosch Bosch Video Management System, Bosch Building Integration System, Bosch Configuration Manager.

Vulnerability Description

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Bosch	Access Professional Edition	>= 3.0, <= 3.7
Bosch	Bosch Video Client	< 1.7.6.079
Bosch	Bosch Video Management System	<= 9.0
Bosch	Building Integration System	>= 2.2, <= 4.4
Bosch	Configuration Manager	< 6.10
Bosch	Video Sdk	< 6.32.0099
Bosch	Dip 2000 Firmware	< 0380.037
Bosch	Dip 2000	-
Bosch	Dip 3000 Firmware	-
Bosch	Dip 3000	-
Bosch	Dip 5000 Firmware	< 038.037
Bosch	Dip 5000	-
Bosch	Dip 7000 Firmware	-
Bosch	Dip 7000	gen1
Bosch	Access Easy Controller Firmware	2.1.8.5
Bosch	Access Easy Controller	-

Related Weaknesses (CWE)

CWE-306

References

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bMitigationVendor Advisory
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bMitigationVendor Advisory

FAQ

What is CVE-2019-6958?

CVE-2019-6958 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration Sy...

How severe is CVE-2019-6958?

CVE-2019-6958 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-6958?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Access Professional Edition, Bosch Bosch Video Client, Bosch Bosch Video Management System, Bosch Building Integration System, Bosch Configuration Manager.