Sign-up

ID

VAR-202002-1209


CVE

CVE-2020-6769


TITLE

plural Bosch Vulnerability regarding lack of authentication for critical features in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-001873

DESCRIPTION

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall. plural Bosch The product contains vulnerabilities related to lack of authentication for critical features.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Bosch DIVAR IP 2000 is a 2000 series video recorder. Bosch DIVAR IP 3000 is a 3000 series video recorder

Trust: 1.71

sources: NVD: CVE-2020-6769 // JVNDB: JVNDB-2020-001873 // VULHUB: VHN-184894

AFFECTED PRODUCTS

vendor:boschmodel:video streaming gatewayscope:lteversion:6.44.022

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:lteversion:6.42.10

Trust: 1.0

vendor:boschmodel:divar ip 5000scope:lteversion:3.80.0039

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:lteversion:6.45.08

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:gteversion:6.43

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:lteversion:6.43.0023

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:gteversion:6.45

Trust: 1.0

vendor:boschmodel:divar ip 2000scope:lteversion:3.62.0019

Trust: 1.0

vendor:boschmodel:video streaming gatewayscope:gteversion:6.44

Trust: 1.0

vendor:robert boschmodel:divar ip 2000scope: - version: -

Trust: 0.8

vendor:robert boschmodel:divar ip 5000scope: - version: -

Trust: 0.8

vendor:robert boschmodel:video streaming gatewayscope: - version: -

Trust: 0.8

vendor:boschmodel:divar ip 7000scope:eqversion: -

Trust: 0.6

vendor:boschmodel:video streaming gatewayscope:eqversion:6.45.0008

Trust: 0.6

vendor:boschmodel:video streaming gatewayscope:eqversion:6.43.0023

Trust: 0.6

vendor:boschmodel:divar ip 5000scope:eqversion: -

Trust: 0.6

vendor:boschmodel:divar ip 3000scope:eqversion: -

Trust: 0.6

vendor:boschmodel:divar ip 2000scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2020-001873 // CNNVD: CNNVD-202002-241 // NVD: CVE-2020-6769

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-6769
value: CRITICAL

Trust: 1.0

psirt@bosch.com: CVE-2020-6769
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-001873
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202002-241
value: CRITICAL

Trust: 0.6

VULHUB: VHN-184894
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-6769
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-001873
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-184894
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-6769
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2020-6769
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-001873
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-184894 // JVNDB: JVNDB-2020-001873 // CNNVD: CNNVD-202002-241 // NVD: CVE-2020-6769 // NVD: CVE-2020-6769

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-184894 // JVNDB: JVNDB-2020-001873 // NVD: CVE-2020-6769

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-241

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202002-241

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001873

PATCH
title:BOSCH-SA-260625-BTurl:https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html
Trust: 0.8
title:Bosch Video Streaming Gateway Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110471
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001873 // 
            
            
            
            CNNVD: CNNVD-202002-241

EXTERNAL IDS
db:NVDid:CVE-2020-6769
Trust: 2.5
db:JVNDBid:JVNDB-2020-001873
Trust: 0.8
db:CNNVDid:CNNVD-202002-241
Trust: 0.7
db:VULHUBid:VHN-184894
Trust: 0.1
sources:
            
            
            VULHUB: VHN-184894 // 
            
            
            
            JVNDB: JVNDB-2020-001873 // 
            
            
            
            CNNVD: CNNVD-202002-241 // 
            
            
            
            NVD: CVE-2020-6769

REFERENCES
url:https://psirt.bosch.com/security-advisories/bosch-sa-260625-bt.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-6769
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6769
Trust: 0.8
sources:
            
            
            VULHUB: VHN-184894 // 
            
            
            
            JVNDB: JVNDB-2020-001873 // 
            
            
            
            CNNVD: CNNVD-202002-241 // 
            
            
            
            NVD: CVE-2020-6769

SOURCES
db:VULHUBid:VHN-184894
db:JVNDBid:JVNDB-2020-001873
db:CNNVDid:CNNVD-202002-241
db:NVDid:CVE-2020-6769

LAST UPDATE DATE
2024-11-23T21:59:28.895000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-184894date:2020-02-12T00:00:00
db:JVNDBid:JVNDB-2020-001873date:2020-02-28T00:00:00
db:CNNVDid:CNNVD-202002-241date:2020-03-02T00:00:00
db:NVDid:CVE-2020-6769date:2024-11-21T05:36:09.790

SOURCES RELEASE DATE
db:VULHUBid:VHN-184894date:2020-02-07T00:00:00
db:JVNDBid:JVNDB-2020-001873date:2020-02-28T00:00:00
db:CNNVDid:CNNVD-202002-241date:2020-02-07T00:00:00
db:NVDid:CVE-2020-6769date:2020-02-07T20:15:35.507