CVE-2023-28175

Name of the Vulnerable Software and Affected Versions Bosch VMS versions 11.0 through 11.1.1

Description The issue is related to insufficient protection of service data in the SSH server of the Bosch BVMS video surveillance system management software. It allows a remote attacker to gain unauthorized access to the network using a port forwarding request. This can enable a remote authenticated user to access resources within the trusted internal network.

Recommendations For versions 11.0 through 11.1.1, consider restricting access to the SSH server until a patch is available. As a temporary workaround, consider disabling port forwarding requests in the SSH server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.