Vulnerability Description
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Bosch Video Management System | <= 9.0 |
| Bosch | Video Recording Manager | <= 3.81 |
| Bosch | Divar Ip 5000 Firmware | - |
| Bosch | Divar Ip 7000 Firmware | - |
| Bosch | Videojet Decoder 7513 Firmware | <= 10.22.0038 |
| Bosch | Videojet Decoder 7513 | - |
| Bosch | Videojet Decoder 8000 Firmware | <= 10.01.0036 |
| Bosch | Videojet Decoder 8000 | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlVendor Advisory
FAQ
What is CVE-2021-23862?
CVE-2021-23862 is a vulnerability with a CVSS score of 7.2 (HIGH). A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVM...
How severe is CVE-2021-23862?
CVE-2021-23862 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23862?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Bosch Video Management System, Bosch Video Recording Manager, Bosch Divar Ip 5000 Firmware, Bosch Divar Ip 7000 Firmware, Bosch Videojet Decoder 7513 Firmware.