CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.

Published: Dec 8, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-23861
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bosch / bosch_video_management_system	-	9.0.x
bosch / bosch_video_management_system	10.0	10.0.2
bosch / bosch_video_management_system	10.1	10.1.x
bosch / bosch_video_management_system	11.0	11.0.x
bosch / video_recording_manager	-	3.81.x
bosch / video_recording_manager	3.82	3.82.0057.x
bosch / video_recording_manager	3.83	3.83.0021.x
bosch / video_recording_manager	4.0	4.00.0070.x

https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html

Vulnerability Database

289,697

CVE-2021-23861