ID

VAR-201905-0315


CVE

CVE-2019-6958


TITLE

Access control vulnerabilities in multiple Bosch products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004954

DESCRIPTION

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding an authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data. Multiple Bosch products contain an access control vulnerability. Information may be obtained and service operation may be interrupted (DoS). Bosch DIVAR IP 2000 and the other listed devices are all products of Bosch, a German company. Bosch DIVAR IP 2000 is a 2000 series video recorder. Video Recording Manager (VRM) is a video recording manager. Bosch DIVAR IP 3000 is a 3000 series video recorder. An access control error vulnerability exists in several Bosch products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.

Trust: 1.71

sources: NVD: CVE-2019-6958 // JVNDB: JVNDB-2019-004954 // VULHUB: VHN-158393

AFFECTED PRODUCTS

vendor: bosch // model: access easy controller // scope: eq // version: 2.1.9.3

Trust: 1.0

vendor: bosch // model: video client // scope: lt // version: 1.7.6.079

Trust: 1.0

vendor: bosch // model: configuration manager // scope: lt // version: 6.10

Trust: 1.0

vendor: bosch // model: building integration system // scope: gte // version: 2.2

Trust: 1.0

vendor: bosch // model: access professional edition // scope: gte // version: 3.0

Trust: 1.0

vendor: bosch // model: access easy controller // scope: eq // version: 2.1.9.1

Trust: 1.0

vendor: bosch // model: access easy controller // scope: eq // version: 2.1.8.5

Trust: 1.0

vendor: bosch // model: building integration system // scope: eq // version: 4.6.1

Trust: 1.0

vendor: bosch // model: dip 7000 // scope: eq // version: -

Trust: 1.0

vendor: bosch // model: dip 3000 // scope: eq // version: -

Trust: 1.0

vendor: bosch // model: building integration system // scope: eq // version: 4.5

Trust: 1.0

vendor: bosch // model: video sdk // scope: lt // version: 6.32.0099

Trust: 1.0

vendor: bosch // model: dip 2000 // scope: lt // version: 0380.037

Trust: 1.0

vendor: bosch // model: building integration system // scope: lte // version: 4.4

Trust: 1.0

vendor: bosch // model: building integration system // scope: eq // version: 4.6

Trust: 1.0

vendor: bosch // model: access easy controller // scope: eq // version: 2.1.9.0

Trust: 1.0

vendor: bosch // model: access professional edition // scope: lte // version: 3.7

Trust: 1.0

vendor: bosch // model: dip 5000 // scope: lt // version: 038.037

Trust: 1.0

vendor: bosch // model: video management system // scope: lte // version: 9.0

Trust: 1.0

vendor: robert bosch // model: access easy controller // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: access professional edition // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: video client // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: video management system // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: building integration system // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: configuration manager // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: divar ip 2000 // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: divar ip 3000 // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: divar ip 5000 // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: divar ip 7000 // scope: - // version: -

Trust: 0.8

vendor: robert bosch // model: video sdk // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-004954 // NVD: CVE-2019-6958

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6958
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2019-6958
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6958
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-1061
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6958
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-6958
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-158393
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6958
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2019-6958
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-6958
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158393 // JVNDB: JVNDB-2019-004954 // CNNVD: CNNVD-201905-1061 // NVD: CVE-2019-6958 // NVD: CVE-2019-6958

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-158393 // JVNDB: JVNDB-2019-004954 // NVD: CVE-2019-6958

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1061

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201905-1061

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004954

PATCH

title: BOSCH-2019-0404-BT // url: https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bt-cve-2019-6958_security_advisory_improper_access_control.pdf

Trust: 0.8

title: Multiple Bosch Product access control error vulnerability fixes // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93014

Trust: 0.6

sources: JVNDB: JVNDB-2019-004954 // CNNVD: CNNVD-201905-1061

EXTERNAL IDS

db: NVD // id: CVE-2019-6958

Trust: 2.5

db: JVNDB // id: JVNDB-2019-004954

Trust: 0.8

db: CNNVD // id: CNNVD-201905-1061

Trust: 0.7

db: VULHUB // id: VHN-158393

Trust: 0.1

sources: VULHUB: VHN-158393 // JVNDB: JVNDB-2019-004954 // CNNVD: CNNVD-201905-1061 // NVD: CVE-2019-6958

REFERENCES

url:https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0404bt-cve-2019-6958_security_advisory_improper_access_control.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6958

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6958

Trust: 0.8

sources: VULHUB: VHN-158393 // JVNDB: JVNDB-2019-004954 // CNNVD: CNNVD-201905-1061 // NVD: CVE-2019-6958

SOURCES

db: VULHUB // id: VHN-158393
db: JVNDB // id: JVNDB-2019-004954
db: CNNVD // id: CNNVD-201905-1061
db: NVD // id: CVE-2019-6958

LAST UPDATE DATE

2024-11-23T22:25:56.536000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-158393 // date: 2023-01-31T00:00:00
db: JVNDB // id: JVNDB-2019-004954 // date: 2019-06-12T00:00:00
db: CNNVD // id: CNNVD-201905-1061 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2019-6958 // date: 2024-11-21T04:47:18.280

SOURCES RELEASE DATE

db: VULHUB // id: VHN-158393 // date: 2019-05-29T00:00:00
db: JVNDB // id: JVNDB-2019-004954 // date: 2019-06-12T00:00:00
db: CNNVD // id: CNNVD-201905-1061 // date: 2019-05-29T00:00:00
db: NVD // id: CVE-2019-6958 // date: 2019-05-29T19:29:00.703