PT-2019-19277 · Bosch · Bosch Divar Ip 5000+3

Adrián Quirós Godoy

·

Publicado

2019-05-13

·

Atualizado

2019-05-16

·

CVE-2019-8951

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Bosch DIVAR IP 2000 versions 3.10 through 3.62 Bosch DIVAR IP 5000 versions 3.10 through 3.62 Video Recording Manager (VRM) versions 3.20 through 3.62 Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX
Description An Open Redirect issue in the webserver affects several Bosch products, potentially allowing a remote attacker to redirect users to an arbitrary URL.
Recommendations For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer. For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer. For Video Recording Manager (VRM) versions 3.20 through 3.62, update to version 3.70.0056 or newer, or version 3.81.0032 or newer. For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX, update to version 7.5 or version 3.70.0056.

Correção

Open Redirect

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601

Identificadores relacionados

CVE-2019-8951

Produtos afetados

Bosch Divar Ip 2000
Bosch Divar Ip 5000
Bosch Video Management System
Video Recording Manager