PT-2019-19278 · Bosch · Bosch Divar Ip 5000+3

Adrián Quirós Godoy

·

Publicado

2019-05-13

·

Atualizado

2019-05-16

·

CVE-2019-8952

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Bosch DIVAR IP 2000 versions 3.10 through 3.62 Bosch DIVAR IP 5000 versions 3.10 through 3.62 Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032 Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056
Description A Path Traversal issue affects several Bosch hardware and software products, potentially allowing a remote authorized user to access arbitrary files on the system via the network interface.
Recommendations For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer. For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer. For Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032, update to version 3.71.0032 or newer. For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056, update to version 7.5 or 3.71.0032.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2019-8952

Produtos afetados

Bosch Divar Ip 2000
Bosch Divar Ip 5000
Bosch Video Management System
Video Recording Manager