admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-238xx/CVE-2021-23861.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

196 lines
6.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-23861",
"sourceIdentifier": "psirt@bosch.com",
"published": "2021-12-08T22:15:08.543",
"lastModified": "2022-08-30T18:18:22.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
},
{
"lang": "es",
"value": "Al ejecutar un comando especial, un usuario con derechos administrativos puede conseguir acceso a la funcionalidad extended debug en el VRM permitiendo un impacto en la integridad o disponibilidad del software instalado. Este problema tambi\u00e9n afecta a las instalaciones de DIVAR IP y BVMS con VRM instalado"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.0",
"matchCriteriaId": "0B9DD276-15C0-4942-8899-553F7C190320"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0",
"versionEndExcluding": "10.0.2",
"matchCriteriaId": "989D5F9A-D223-4070-82AE-FA79E8B2572C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57FA3EF2-6A7C-46FD-A758-92045A3A2DEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:bosch_video_management_system:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF22168-E2A2-47B8-B9BC-104FF1CFDF30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.81",
"matchCriteriaId": "D54B21E5-8C3E-423F-8E49-9F05B41D540B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.82",
"versionEndIncluding": "3.82.0057",
"matchCriteriaId": "31D1E38A-C0F8-421B-B837-3D2FBD132A18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.83",
"versionEndIncluding": "3.83.0021",
"matchCriteriaId": "7171D63A-3A1A-4235-9317-009D7C85A93C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.00.0070",
"matchCriteriaId": "31572EBA-C58A-46E8-88EA-ADE04578E039"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:bosch:divar_ip_5000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C1615D-2E5F-4D49-B937-05C81AB5414C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:bosch:divar_ip_7000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CCD42BE-E4B7-43FC-95FB-C97704E5C268"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
"source": "psirt@bosch.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink