CVE-2023-35867

Improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| bosch | CNA | 5.9 MEDIUM | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE | ADP | --- | --- | | | |

EPSS Score Percentile: 25%

| Vendor | Product | Version |
|---|---|---|
| bosch | building_integration_system_video_engine | 𝑥 ≤ 5.0.1 |
| bosch | bosch_video_management_system | 𝑥 ≤ 12.0 |
| bosch | video_management_system_viewer | 𝑥 ≤ 12.0 |
| bosch | configuration_manager | 𝑥 ≤ 7.62 |
| bosch | divar_ip_7000_r2_firmware | 𝑥 ≤ 12.0 |
| bosch | divar_ip_all-in-one_4000_firmware | 𝑥 ≤ 12.0 |
| bosch | divar_ip_all-in-one_5000_firmware | 𝑥 ≤ 12.0 |
| bosch | divar_ip_all-in-one_6000_firmware | 𝑥 ≤ 12.0 |
| bosch | divar_ip_all-in-one_7000_firmware | 𝑥 ≤ 12.0 |
| bosch | divar_ip_all-in-one_7000_r3_firmware | 𝑥 ≤ 12.0 |
| bosch | intelligent_insights | 𝑥 ≤ 1.0.3.14 |
| bosch | _onvif_camera_event_driver_tool | 𝑥 ≤ 2.0.0.8 |
| bosch | project_assistant | 𝑥 ≤ 2.3 |
| bosch | video_security_client | 𝑥 ≤ 3.3.5 |

𝑥 = Vulnerable software versions