Vulnerability Description
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Video Management System | >= 7.5, <= 11.1.1 |
| Bosch | Video Management System Viewer | >= 7.5, <= 11.1.1 |
| Bosch | Divar Ip 4000 | - |
| Bosch | Divar Ip 5000 | - |
| Bosch | Divar Ip 6000 | - |
| Bosch | Divar Ip 7000 | - |
| Bosch | Divar Ip 7000 R2 | - |
| Bosch | Divar Ip 7000 R3 | - |
| Bosch | Divar Ip 3000 Firmware | >= 7.5, <= 8.0 |
| Bosch | Divar Ip 3000 | - |
| Bosch | Divar Ip 6000 Firmware | 11.1.1 |
| Bosch | Divar Ip 4000 Firmware | 11.1.1 |
| Bosch | Divar Ip 5000 Firmware | >= 9.0, <= 11.1.1 |
| Bosch | Divar Ip 7000 R2 Firmware | >= 7.5, <= 11.1.1 |
| Bosch | Divar Ip 7000 Firmware | >= 7.5, <= 8.0 |
| Bosch | Divar Ip 7000 R3 Firmware | >= 10.1.1, <= 11.1.1 |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html (Vendor Advisory)
FAQ
What is CVE-2023-28175?
CVE-2023-28175 is a vulnerability with a CVSS score of 7.1 (HIGH). Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
How severe is CVE-2023-28175?
CVE-2023-28175 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28175?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Video Management System, Bosch Video Management System Viewer, Bosch Divar Ip 4000, Bosch Divar Ip 5000, Bosch Divar Ip 6000.