CVE-2021-23861

EUVD-2021-10787
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
boschCNA
6.5 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
boschbosch_video_management_system
𝑥
≤ 9.0
boschbosch_video_management_system
10.0 ≤
𝑥
< 10.0.2
boschbosch_video_management_system
10.1
boschbosch_video_management_system
11.0
boschvideo_recording_manager
𝑥
≤ 3.81
boschvideo_recording_manager
3.82 ≤
𝑥
≤ 3.82.0057
boschvideo_recording_manager
3.83 ≤
𝑥
≤ 3.83.0021
boschvideo_recording_manager
4.0 ≤
𝑥
≤ 4.00.0070
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html