Vulnerability Description
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Video Management System Viewer | <= 7.5 |
| Bosch | Video Management System | <= 7.5 |
| Bosch | Divar Ip 3000 | - |
| Bosch | Divar Ip 7000 | - |
| Bosch | Divar Ip All-In-One 5000 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.htmlBroken LinkVendor Advisory
- https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-PatchVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-381489-BT.htmlBroken LinkVendor Advisory
FAQ
What is CVE-2020-6767?
CVE-2020-6767 is a vulnerability with a CVSS score of 7.7 (HIGH). A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bos...
How severe is CVE-2020-6767?
CVE-2020-6767 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6767?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Video Management System Viewer, Bosch Video Management System, Bosch Divar Ip 3000, Bosch Divar Ip 7000, Bosch Divar Ip All-In-One 5000.