PT-2020-19222 · Bosch · Bosch Divar Ip 3000+2

Published 2020-02-07 · Updated 2020-02-12 · CVE-2020-6770

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bosch BVMS versions 7.5 and older
Bosch BVMS versions 8.0 through 8.0.0.329
Bosch BVMS versions 9.0 through 9.0.0.827
Bosch BVMS versions 10.0 through 10.0.0.1225
Bosch DIVAR IP 3000 (affected versions not specified)
Bosch DIVAR IP 7000 (affected versions not specified)

Description

The issue allows an unauthenticated remote attacker to execute arbitrary code on the system due to deserialization of untrusted data in the BVMS Mobile Video Service.

Recommendations

For Bosch BVMS versions 7.5 and older, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 8.0 through 8.0.0.329, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 9.0 through 9.0.0.827, update to a version newer than 10.0.0.1225.
For Bosch BVMS versions 10.0 through 10.0.0.1225, update to a version newer than 10.0.0.1225.
For Bosch DIVAR IP 3000 and DIVAR IP 7000, ensure that a non-vulnerable BVMS version is installed.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2020-6770

Affected Products

Bosch Bvms
Bosch Divar Ip 3000
Bosch Divar Ip 7000