CVE-2021-23859
Summary
| CVE | CVE-2021-23859 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-08 22:15:00 UTC |
| Updated | 2021-12-14 16:33:00 UTC |
| Description | An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859. |
Risk And Classification
Problem Types: CWE-755
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bosch | Access Easy Controller | - | All | All | All |
| Operating System | Bosch | Access Easy Controller Firmware | All | All | All | All |
| Application | Bosch | Access Professional Edition | All | All | All | All |
| Application | Bosch | Bosch Video Management System | All | All | All | All |
| Application | Bosch | Bosch Video Management System | 10.1 | All | All | All |
| Application | Bosch | Bosch Video Management System | 11.0 | All | All | All |
| Application | Bosch | Building Integration System | All | All | All | All |
| Operating System | Bosch | Divar Ip 5000 Firmware | - | All | All | All |
| Operating System | Bosch | Divar Ip 7000 Firmware | - | All | All | All |
| Application | Bosch | Video Recording Manager | All | All | All | All |
| Application | Bosch | Video Recording Manager Exporter | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Vulnerabilities in Bosch BT software products \| Bosch PSIRT | CONFIRM | psirt.bosch.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.