CVE-2023-35867 — MEDIUM (5.9)

Q: How severe is CVE-2023-35867?

CVE-2023-35867 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-35867?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Building Integration System Video Engine, Bosch Bosch Video Management System, Bosch Video Management System Viewer, Bosch Configuration Manager, Bosch Divar Ip 7000 R2 Firmware.

Vulnerability Description

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosch	Building Integration System Video Engine	<= 5.0.1
Bosch	Bosch Video Management System	<= 12.0
Bosch	Video Management System Viewer	<= 12.0
Bosch	Configuration Manager	<= 7.62
Bosch	Divar Ip 7000 R2 Firmware	<= 12.0
Bosch	Divar Ip 7000 R2	-
Bosch	Divar Ip All-In-One 4000 Firmware	<= 12.0
Bosch	Divar Ip All-In-One 4000	-
Bosch	Divar Ip All-In-One 5000 Firmware	<= 12.0
Bosch	Divar Ip All-In-One 5000	-
Bosch	Divar Ip All-In-One 6000 Firmware	<= 12.0
Bosch	Divar Ip All-In-One 6000	-
Bosch	Divar Ip All-In-One 7000 Firmware	<= 12.0
Bosch	Divar Ip All-In-One 7000	-
Bosch	Divar Ip All-In-One 7000 R3 Firmware	<= 12.0
Bosch	Divar Ip All-In-One 7000 R3	-
Bosch	Intelligent Insights	<= 1.0.3.14
Bosch	Onvif Camera Event Driver Tool	<= 2.0.0.8
Bosch	Project Assistant	<= 2.3
Bosch	Video Security Client	<= 3.3.5

Related Weaknesses (CWE)

CWE-703

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.htmlVendor Advisory

FAQ

What is CVE-2023-35867?

CVE-2023-35867 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this ...

How severe is CVE-2023-35867?

CVE-2023-35867 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-35867?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Building Integration System Video Engine, Bosch Bosch Video Management System, Bosch Video Management System Viewer, Bosch Configuration Manager, Bosch Divar Ip 7000 R2 Firmware.