1. Home
  2. CVE Database
  3. CVE-2022-32540
MEDIUM · 5.9

CVE-2022-32540

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidentia...

Vulnerability Description

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. This is only applicable for UDP encryption when target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
BoschBosch Video Management System>= 10.1, <= 10.1.1
BoschVideojet Decoder 7513 Firmware10.23.0002
BoschVideojet Decoder 7513-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2022-32540?

CVE-2022-32540 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidentia...

How severe is CVE-2022-32540?

CVE-2022-32540 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32540?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Bosch Video Management System, Bosch Videojet Decoder 7513 Firmware, Bosch Videojet Decoder 7513.