Improper Check or Handling of Exceptional Conditions in Robert Bosch Hardware solutions

#VU84932 Improper Check or Handling of Exceptional Conditions in Robert Bosch Hardware solutions

Published: 2024-01-03

Vulnerability identifier: #VU84932

Vulnerability risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35867

CWE-ID: CWE-703

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Bosch BIS Video Engine
Hardware solutions / Firmware
Bosch BVMS
Hardware solutions / Firmware
Bosch BVMS Viewer
Hardware solutions / Firmware
Bosch Configuration Manager
Hardware solutions / Firmware
Bosch DIVAR IP 7000 R2
Hardware solutions / Firmware
Bosch DIVAR IP all-in-one 4000
Hardware solutions / Firmware
Bosch DIVAR IP all-in-one 5000
Hardware solutions / Firmware
Bosch DIVAR IP all-in-one 6000
Hardware solutions / Firmware
Bosch DIVAR IP all-in-one 7000
Hardware solutions / Firmware
Bosch DIVAR IP all-in-one 7000 R3
Hardware solutions / Firmware
Bosch Intelligent Insights
Hardware solutions / Firmware
Bosch ONVIF Camera Event Driver Tool
Hardware solutions / Firmware
Bosch Project Assistant
Hardware solutions / Firmware
Bosch Video Security Client
Hardware solutions / Firmware

Vendor: Robert Bosch

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of a malformed API answer packets to API clients. A remote attacker can replace an existing API server and cause a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Bosch BIS Video Engine: 5.0.1

Bosch BVMS: 12.0.0

Bosch BVMS Viewer: 12.0.0

Bosch Configuration Manager: 7.62.0178

Bosch DIVAR IP 7000 R2: 12.0.0

Bosch DIVAR IP all-in-one 4000: 12.0.0

Bosch DIVAR IP all-in-one 5000: 12.0.0

Bosch DIVAR IP all-in-one 6000: 12.0.0

Bosch DIVAR IP all-in-one 7000: 12.0.0

Bosch DIVAR IP all-in-one 7000 R3: 12.0.0

Bosch Intelligent Insights: 1.0.3.14

Bosch ONVIF Camera Event Driver Tool: 2.0.0.8

Bosch Project Assistant: 2.3.0.28

Bosch Video Security Client: 3.3.5.22

External links
http://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Bosch BT software products