CVE-2023-28175
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/06/2023
Last modified:
05/07/2023
Description
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
Impact
Base Score 3.x
7.70
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bosch:video_management_system:*:*:*:*:*:*:*:* | 7.5 (including) | 11.1.1 (including) |
| cpe:2.3:a:bosch:video_management_system_viewer:*:*:*:*:*:*:*:* | 7.5 (including) | 11.1.1 (including) |
| cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_7000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_7000_r2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_7000_r3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bosch:divar_ip_3000_firmware:*:*:*:*:*:*:*:* | 7.5 (including) | 8.0 (including) |
| cpe:2.3:h:bosch:divar_ip_3000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bosch:divar_ip_6000_firmware:11.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_6000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bosch:divar_ip_4000_firmware:11.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:bosch:divar_ip_4000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:bosch:divar_ip_5000_firmware:*:*:*:*:*:*:*:* | 9.0 (including) | 11.1.1 (including) |
To consult the complete list of CPE names with products and versions, see this page