CVE-2023-28175
Published: Jun 15, 2023
Modified: Dec 17, 2024
CVSS v3.1
7.1
Description
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
| Vendor | Product | Versions |
|---|---|---|
Bosch | BVMS | affected 7.5 - <= 11.1.1 |
Bosch | BVMS Viewer | affected 7.5 - <= 11.1.1 |
Bosch | Bosch DIVAR IP 3000 | affected 7.5 - <= 8.0 |
Bosch | Bosch DIVAR IP 7000 R1 | affected 7.5 - <= 8.0 |
Bosch | Bosch DIVAR IP 7000 R2 | affected 7.5 - <= 11.1.1 |
Bosch | Bosch DIVAR IP all-in-one 7000 R3 | affected 10.1.1 - <= 11.1.1 |
Bosch | Bosch DIVAR IP all-in-one 5000 | affected 9.0 - <= 11.1.1 |
Bosch | Bosch DIVAR IP all-in-one 7000 | affected 9.0 - <= 11.1.1 |
Bosch | DIVAR IP all-in-one 4000 | affected 11.1.1 |
Bosch | DIVAR IP all-in-one 6000 | affected 11.1.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now