Sign-up

ID

VAR-201905-0314


CVE

CVE-2019-6957


TITLE

plural Bosch Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004953

DESCRIPTION

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface. plural Bosch The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Bosch DIVAR IP 2000 and so on are all products of Bosch Company in Germany. Bosch DIVAR IP 2000 is a 2000 series video recorder. Video Recording Manager (VRM) is a video recording manager. Bosch DIVAR IP 3000 is a 3000 series video recorder. A buffer overflow vulnerability exists in several Bosch products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.8

sources: NVD: CVE-2019-6957 // JVNDB: JVNDB-2019-004953 // VULHUB: VHN-158392 // VULMON: CVE-2019-6957

AFFECTED PRODUCTS

vendor:boschmodel:access easy controllerscope:eqversion:2.1.9.3

Trust: 1.0

vendor:boschmodel:video clientscope:ltversion:1.7.6.079

Trust: 1.0

vendor:boschmodel:video recording managerscope:gteversion:3.81

Trust: 1.0

vendor:boschmodel:configuration managerscope:ltversion:6.10

Trust: 1.0

vendor:boschmodel:building integration systemscope:gteversion:2.2

Trust: 1.0

vendor:boschmodel:access professional editionscope:gteversion:3.0

Trust: 1.0

vendor:boschmodel:access easy controllerscope:eqversion:2.1.9.1

Trust: 1.0

vendor:boschmodel:video recording managerscope:ltversion:3.71.0032

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:ltversion:6.43.0023

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:gteversion:6.45

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:ltversion:6.45.0008

Trust: 1.0

vendor:boschmodel:access easy controllerscope:eqversion:2.1.8.5

Trust: 1.0

vendor:boschmodel:building integration systemscope:eqversion:4.6.1

Trust: 1.0

vendor:boschmodel:dip 7000scope:eqversion: -

Trust: 1.0

vendor:boschmodel:dip 3000scope:eqversion: -

Trust: 1.0

vendor:boschmodel:building integration systemscope:eqversion:4.5

Trust: 1.0

vendor:boschmodel:video recording managerscope:ltversion:3.81.0048

Trust: 1.0

vendor:boschmodel:video sdkscope:ltversion:6.32.0099

Trust: 1.0

vendor:boschmodel:dip 2000scope:ltversion:0380.037

Trust: 1.0

vendor:boschmodel:building integration systemscope:lteversion:4.4

Trust: 1.0

vendor:boschmodel:building integration systemscope:eqversion:4.6

Trust: 1.0

vendor:boschmodel:access easy controllerscope:eqversion:2.1.9.0

Trust: 1.0

vendor:boschmodel:access professional editionscope:lteversion:3.7

Trust: 1.0

vendor:boschmodel:dip 5000scope:ltversion:038.037

Trust: 1.0

vendor:boschmodel:video management systemscope:lteversion:9.0

Trust: 1.0

vendor:robert boschmodel:access easy controllerscope: - version: -

Trust: 0.8

vendor:robert boschmodel:access professional editionscope: - version: -

Trust: 0.8

vendor:robert boschmodel:video clientscope: - version: -

Trust: 0.8

vendor:robert boschmodel:video management systemscope: - version: -

Trust: 0.8

vendor:robert boschmodel:building integration systemscope: - version: -

Trust: 0.8

vendor:robert boschmodel:configuration managerscope: - version: -

Trust: 0.8

vendor:robert boschmodel:divar ip 3000scope: - version: -

Trust: 0.8

vendor:robert boschmodel:divar ip 7000scope: - version: -

Trust: 0.8

vendor:robert boschmodel:video sdkscope: - version: -

Trust: 0.8

vendor:robert boschmodel:video streaming gatewayscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004953 // NVD: CVE-2019-6957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6957
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2019-6957
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6957
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-1062
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158392
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6957
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6957
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158392
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

cve@mitre.org: CVE-2019-6957
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-6957
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-158392 // VULMON: CVE-2019-6957 // JVNDB: JVNDB-2019-004953 // CNNVD: CNNVD-201905-1062 // NVD: CVE-2019-6957 // NVD: CVE-2019-6957

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-158392 // JVNDB: JVNDB-2019-004953 // NVD: CVE-2019-6957

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1062

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-1062

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004953

PATCH
title:BOSCH-2019-0403-BTurl:https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf
Trust: 0.8
title:Multiple Bosch Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93015
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-004953 // 
            
            
            
            CNNVD: CNNVD-201905-1062

EXTERNAL IDS
db:NVDid:CVE-2019-6957
Trust: 2.6
db:JVNDBid:JVNDB-2019-004953
Trust: 0.8
db:CNNVDid:CNNVD-201905-1062
Trust: 0.7
db:VULHUBid:VHN-158392
Trust: 0.1
db:VULMONid:CVE-2019-6957
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158392 // 
            
            
            
            VULMON: CVE-2019-6957 // 
            
            
            
            JVNDB: JVNDB-2019-004953 // 
            
            
            
            CNNVD: CNNVD-201905-1062 // 
            
            
            
            NVD: CVE-2019-6957

REFERENCES
url:https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0403bt-cve-2019-6957_security_advisory_software_buffer_overflow.pdf
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-6957
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6957
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-158392 // 
            
            
            
            VULMON: CVE-2019-6957 // 
            
            
            
            JVNDB: JVNDB-2019-004953 // 
            
            
            
            CNNVD: CNNVD-201905-1062 // 
            
            
            
            NVD: CVE-2019-6957

SOURCES
db:VULHUBid:VHN-158392
db:VULMONid:CVE-2019-6957
db:JVNDBid:JVNDB-2019-004953
db:CNNVDid:CNNVD-201905-1062
db:NVDid:CVE-2019-6957

LAST UPDATE DATE
2024-11-23T22:21:41.401000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-158392date:2022-11-30T00:00:00
db:VULMONid:CVE-2019-6957date:2022-11-30T00:00:00
db:JVNDBid:JVNDB-2019-004953date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1062date:2020-08-25T00:00:00
db:NVDid:CVE-2019-6957date:2024-11-21T04:47:18.127

SOURCES RELEASE DATE
db:VULHUBid:VHN-158392date:2019-05-29T00:00:00
db:VULMONid:CVE-2019-6957date:2019-05-29T00:00:00
db:JVNDBid:JVNDB-2019-004953date:2019-06-12T00:00:00
db:CNNVDid:CNNVD-201905-1062date:2019-05-29T00:00:00
db:NVDid:CVE-2019-6957date:2019-05-29T19:29:00.657