CVE-2020-6768

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
07/02/2020
Last modified:
12/02/2020

Description

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* 7.5 (including)
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* 8.0 (including) 8.0.329 (including)
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* 9.0 (including) 9.0.0.827 (including)
cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* 10.0 (including) 10.0.0.1225 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 7.5 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 8.0 (including) 8.0.0.329 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 9.0 (including) 9.0.0.827 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 10.0 (including) 10.0.0.1225 (including)
cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 7.5 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 8.0 (including) 8.0.0.329 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 9.0 (including) 9.0.0.827 (including)
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 10.0 (including) 10.0.0.1225 (including)
cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:*
cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* 7.5 (including)


References to Advisories, Solutions, and Tools