Vulnerability Description
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Bosch Video Management System | <= 9.0 |
| Bosch | Video Recording Manager | <= 3.81 |
| Bosch | Divar Ip 5000 Firmware | - |
| Bosch | Divar Ip 7000 Firmware | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
FAQ
What is CVE-2021-23861?
CVE-2021-23861 is a vulnerability with a CVSS score of 6.5 (MEDIUM). By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. ...
How severe is CVE-2021-23861?
CVE-2021-23861 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23861?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Bosch Video Management System, Bosch Video Recording Manager, Bosch Divar Ip 5000 Firmware, Bosch Divar Ip 7000 Firmware.