mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
260 lines
8.2 KiB
JSON
260 lines
8.2 KiB
JSON
{
|
|
"id": "CVE-2021-23862",
|
|
"sourceIdentifier": "psirt@bosch.com",
|
|
"published": "2021-12-08T22:15:08.607",
|
|
"lastModified": "2024-11-21T05:51:58.453",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000)."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Un paquete de configuraci\u00f3n dise\u00f1ado enviado por un usuario administrativo autenticado puede ser usado para ejecutar comandos arbitrarios en el contexto del sistema. Este problema tambi\u00e9n afecta a las instalaciones de VRM, DIVAR IP, BVMS con VRM instalado, el decodificador VIDEOJET (VJD-7513 y VJD-8000)"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@bosch.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.2,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 7.2,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
|
|
"baseScore": 9.0,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 8.0,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "psirt@bosch.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-78"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "9.0",
|
|
"matchCriteriaId": "0B9DD276-15C0-4942-8899-553F7C190320"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "10.0",
|
|
"versionEndExcluding": "10.0.2",
|
|
"matchCriteriaId": "989D5F9A-D223-4070-82AE-FA79E8B2572C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:10.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "57FA3EF2-6A7C-46FD-A758-92045A3A2DEE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:11.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1FF22168-E2A2-47B8-B9BC-104FF1CFDF30"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "3.81",
|
|
"matchCriteriaId": "D54B21E5-8C3E-423F-8E49-9F05B41D540B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.82",
|
|
"versionEndIncluding": "3.82.0057",
|
|
"matchCriteriaId": "31D1E38A-C0F8-421B-B837-3D2FBD132A18"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.83",
|
|
"versionEndIncluding": "3.83.0021",
|
|
"matchCriteriaId": "7171D63A-3A1A-4235-9317-009D7C85A93C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.0",
|
|
"versionEndIncluding": "4.00.0070",
|
|
"matchCriteriaId": "31572EBA-C58A-46E8-88EA-ADE04578E039"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:bosch:divar_ip_5000_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E2C1615D-2E5F-4D49-B937-05C81AB5414C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:bosch:divar_ip_7000_firmware:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CCD42BE-E4B7-43FC-95FB-C97704E5C268"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:videojet_decoder_7513_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "10.22.0038",
|
|
"matchCriteriaId": "BC7D70DA-4C3A-4B37-B3E6-266B232FA117"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:videojet_decoder_7513:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A96A7B0B-4C65-412E-8AB0-BD6098548598"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:videojet_decoder_8000_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "10.01.0036",
|
|
"matchCriteriaId": "C28B95FD-5932-4255-9AFE-85229C37C87D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:videojet_decoder_8000:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "028FEDCC-7774-4D17-B017-653365BE0297"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
|
|
"source": "psirt@bosch.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |