PT-2019-19278 · Bosch · Bosch Divar Ip 5000+3
Adrián Quirós Godoy
·
Published
2019-05-13
·
Updated
2019-05-16
·
CVE-2019-8952
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Bosch DIVAR IP 2000 versions 3.10 through 3.62
Bosch DIVAR IP 5000 versions 3.10 through 3.62
Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032
Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056
Description
A Path Traversal issue affects several Bosch hardware and software products, potentially allowing a remote authorized user to access arbitrary files on the system via the network interface.
Recommendations
For Bosch DIVAR IP 2000 versions 3.10 through 3.62, update to version 3.62.0019 or newer.
For Bosch DIVAR IP 5000 versions 3.10 through 3.62, update to version 3.80.0033 or newer.
For Video Recording Manager (VRM) versions 3.10 through 3.71 before 3.71.0032, update to version 3.71.0032 or newer.
For Bosch Video Management System (BVMS) versions 3.50.00XX through 3.70.0056, update to version 7.5 or 3.71.0032.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bosch Divar Ip 2000
Bosch Divar Ip 5000
Bosch Video Management System
Video Recording Manager