PT-2019-19277 · Bosch · Bosch Divar Ip 5000+3

Adrián Quirós Godoy

·

Published

2019-05-13

·

Updated

2019-05-16

·

CVE-2019-8951

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Bosch DIVAR IP 2000 versions 3.10 through 3.62 Bosch DIVAR IP 5000 versions 3.10 through 3.62 Video Recording Manager (VRM) versions 3.20 through 3.62 Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX
Description An Open Redirect issue in the webserver affects several Bosch products, potentially allowing a remote attacker to redirect users to an arbitrary URL.
Recommendations For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer. For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer. For Video Recording Manager (VRM) versions 3.20 through 3.62, update to version 3.70.0056 or newer, or version 3.81.0032 or newer. For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.60.00XX, update to version 7.5 or version 3.70.0056.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2019-8951

Affected Products

Bosch Divar Ip 2000
Bosch Divar Ip 5000
Bosch Video Management System
Video Recording Manager