CVE-2021-23859
Published: Dec 8, 2021
Modified: Sep 16, 2024
CVSS v3.1
9.1
Description
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
| Vendor | Product | Versions |
|---|---|---|
Bosch | BVMS | affected unspecified - <= 9.0.0affected 11.0 - < 11.0.0affected 10.0 - < 10.0.2affected 10.1 - < 10.1.1 |
Bosch | DIVAR IP 7000 R2 | affected all |
Bosch | DIVAR IP all-in-one 5000 | affected all |
Bosch | DIVAR IP all-in-one 7000 | affected all |
Bosch | VRM | affected unspecified - <= 3.81affected 4.0 - <= 4.00.0070affected 3.83 - <= 3.83.0021affected 3.82 - <= 3.82.0057 |
Bosch | VRM Exporter | affected 2.1 - <= 2.10.0008 |
Bosch | APE | affected unspecified - <= 3.8.x.x |
Bosch | AEC | affected unspecified - <= 2.9.1.x |
Bosch | BIS | affected unspecified - <= 4.9affected unspecified - <= 4.8affected unspecified - <= 4.7 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now