RSS   Vulnerabilities for 'Access professional edition'   RSS

2021-12-08
 
CVE-2021-23859

CWE-755
 

 
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859

 

 >>> Vendor: Bosch 19 Products
Access
Smart camera
Configuration manager
Bosch video management system
Building integration system
Access easy controller firmware
Dip 3000 firmware
Dip 7000 firmware
Video recording manager
Bosch video management system mobile video service
Video management system viewer
Video streaming gateway
Smart home
Ip helper
Video client
Monitor wall
Access professional edition
Video recording manager exporter
Video security


Copyright 2024, cxsecurity.com

 

Back to Top