Video Management System
CVE-2023-28175
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
AnalysisAI
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Affected products include: Bosch Video Management System, Bosch Video Management System Viewer, Bosch Divar Ip 3000 Firmware, Bosch Divar Ip 6000 Firmware, Bosch Divar Ip 4000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Video Management System
View allAn issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in w
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Rated high severity (CVSS 7.
A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated
A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated r
A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. Rated medi
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. Rated medi
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today