PT-2020-19219 · Bosch · Bosch Bvms Viewer+4

Published: 2020-02-06 · Updated: 2020-02-14 · CVE-2020-6767

CVSS v3.1: 7.7 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bosch BVMS versions 7.5 and older
Bosch BVMS versions 8.0 through 8.0.329
Bosch BVMS versions 9.0 through 9.0.0.827
Bosch BVMS versions 10.0 through 10.0.0.1225
Bosch BVMS Viewer versions 7.5 and older
Bosch BVMS Viewer versions 8.0 through 8.0.329
Bosch BVMS Viewer versions 9.0 through 9.0.0.827
Bosch BVMS Viewer versions 10.0 through 10.0.0.1225
Bosch DIVAR IP 3000 (if a vulnerable BVMS version is installed)
Bosch DIVAR IP 7000 (if a vulnerable BVMS version is installed)
Bosch DIVAR IP all-in-one 5000 (if a vulnerable BVMS version is installed)

Description

A path traversal issue in the FileTransferService of the Bosch Video Management System allows an authenticated remote attacker to read arbitrary files from the Central Server.

Recommendations

For Bosch BVMS versions 7.5 and older, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 8.0 through 8.0.329, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 9.0 through 9.0.0.827, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 10.0 through 10.0.0.1225, update to a version newer than 10.0.0.1225.
For Bosch BVMS Viewer versions 7.5 and older, update to a version newer than 10.0.0.1225.
For Bosch BVMS Viewer versions 8.0 through 8.0.329, update to a version newer than 10.0.0.1225.
For Bosch BVMS Viewer versions 9.0 through 9.0.0.827, update to a version newer than 10.0.0.1225.
For Bosch BVMS Viewer versions 10.0 through 10.0.0.1225, update to a version newer than 10.0.0.1225.
For Bosch DIVAR IP 3000, DIVAR IP 7000, and DIVAR IP all-in-one 5000, ensure that the installed BVMS version is updated to a version newer than 10.0.0.1225.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-6767

Affected Products

Bosch Bvms
Bosch Bvms Viewer
Bosch Divar Ip 3000
Bosch Divar Ip 7000
Bosch Divar Ip All-In-One 5000