CVE-2019-8952 — MEDIUM (6.5)

Q: How severe is CVE-2019-8952?

CVE-2019-8952 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-8952?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Divar Ip 2000 Firmware, Bosch Divar Ip 2000, Bosch Divar Ip 5000 Firmware, Bosch Divar Ip 5000, Bosch Video Management System.

Vulnerability Description

A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; 3.70; 3.71 before 3.71.0032 ; fixed versions: 3.71.0032; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; 3.70.0056; fixed versions: 7.5; 3.71.0032).

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bosch	Divar Ip 2000 Firmware	< 3.62.0019
Bosch	Divar Ip 2000	-
Bosch	Divar Ip 5000 Firmware	< 3.80.0033
Bosch	Divar Ip 5000	-
Bosch	Video Management System	< 3.71.0032
Bosch	Video Recording Manager	< 3.71.0032

Related Weaknesses (CWE)

CWE-22

References

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bVendor Advisory
https://psirt.bosch.comVendor Advisory
https://psirt.bosch.com/Advisory/BOSCH-2019-0402.htmlVendor Advisory
https://www.boschsecurity.com/xc/en/support/product-security/security-advisoriesVendor Advisory
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bVendor Advisory
https://psirt.bosch.comVendor Advisory
https://psirt.bosch.com/Advisory/BOSCH-2019-0402.htmlVendor Advisory
https://www.boschsecurity.com/xc/en/support/product-security/security-advisoriesVendor Advisory

FAQ

What is CVE-2019-8952?

CVE-2019-8952 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on...

How severe is CVE-2019-8952?

CVE-2019-8952 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-8952?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Divar Ip 2000 Firmware, Bosch Divar Ip 2000, Bosch Divar Ip 5000 Firmware, Bosch Divar Ip 5000, Bosch Video Management System.