CVE-2020-6768
Summary
| CVE | CVE-2020-6768 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-07 21:15:00 UTC |
| Updated | 2020-02-12 19:43:00 UTC |
| Description | A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bosch | Divar Ip 3000 | - | All | All | All |
| Hardware | Bosch | Divar Ip 3000 | - | All | All | All |
| Hardware | Bosch | Divar Ip 7000 | - | All | All | All |
| Hardware | Bosch | Divar Ip 7000 | - | All | All | All |
| Hardware | Bosch | Divar Ip All-in-one 5000 | - | All | All | All |
| Hardware | Bosch | Divar Ip All-in-one 5000 | - | All | All | All |
| Application | Bosch | Video Management System | All | All | All | All |
| Application | Bosch | Video Management System | All | All | All | All |
| Application | Bosch | Video Management System | All | All | All | All |
| Application | Bosch | Video Management System | All | All | All | All |
| Application | Bosch | Video Management System Viewer | All | All | All | All |
| Application | Bosch | Video Management System Viewer | All | All | All | All |
| Application | Bosch | Video Management System Viewer | All | All | All | All |
| Application | Bosch | Video Management System Viewer | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Path Traversal in Bosch Video Management System NoTouch deployment | Bosch PSIRT | CONFIRM | psirt.bosch.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.