Vulnerability Details CVE-2023-35867
Improper handling of malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability, an attacker has to replace an existing API server, e.g. through Man-in-the-Middle attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.3%
CVSS Severity
CVSS v3 Score 5.9
Products affected by CVE-2023-35867
- cpe:2.3:a:bosch:_onvif_camera_event_driver_tool:2.0.0.8
- cpe:2.3:a:bosch:bosch_video_management_system:10.1
- cpe:2.3:a:bosch:bosch_video_management_system:11.0
- cpe:2.3:a:bosch:bosch_video_management_system:12.0
- cpe:2.3:a:bosch:bosch_video_management_system:3.0
- cpe:2.3:a:bosch:bosch_video_management_system:3.0.1
- cpe:2.3:a:bosch:bosch_video_management_system:4.0
- cpe:2.3:a:bosch:bosch_video_management_system:4.5
- cpe:2.3:a:bosch:bosch_video_management_system:4.5.1
- cpe:2.3:a:bosch:bosch_video_management_system:4.5.5
- cpe:2.3:a:bosch:bosch_video_management_system:4.5.8
- cpe:2.3:a:bosch:bosch_video_management_system:4.5.9
- cpe:2.3:a:bosch:bosch_video_management_system:5.0
- cpe:2.3:a:bosch:bosch_video_management_system:5.0.5
- cpe:2.3:a:bosch:bosch_video_management_system:5.5
- cpe:2.3:a:bosch:bosch_video_management_system:5.5.5
- cpe:2.3:a:bosch:bosch_video_management_system:5.5.8
- cpe:2.3:a:bosch:bosch_video_management_system:6.0
- cpe:2.3:a:bosch:bosch_video_management_system:6.5
- cpe:2.3:a:bosch:bosch_video_management_system:7.0
- cpe:2.3:a:bosch:bosch_video_management_system:7.5
- cpe:2.3:a:bosch:bosch_video_management_system:8.0
- cpe:2.3:a:bosch:bosch_video_management_system:9.0
- cpe:2.3:a:bosch:building_integration_system_video_engine:5.0.1
- cpe:2.3:a:bosch:configuration_manager:5.50.0226
- cpe:2.3:a:bosch:configuration_manager:5.51.0051
- cpe:2.3:a:bosch:configuration_manager:5.52.0118
- cpe:2.3:a:bosch:configuration_manager:5.53.0127
- cpe:2.3:a:bosch:configuration_manager:5.54.0133
- cpe:2.3:a:bosch:configuration_manager:6.10
- cpe:2.3:a:bosch:configuration_manager:7.21.0078
- cpe:2.3:a:bosch:configuration_manager:7.62
- cpe:2.3:a:bosch:intelligent_insights:1.0.3.14
- cpe:2.3:a:bosch:project_assistant:2.3
- cpe:2.3:a:bosch:video_management_system_viewer:-
- cpe:2.3:a:bosch:video_management_system_viewer:10.0
- cpe:2.3:a:bosch:video_management_system_viewer:10.0.0.1225
- cpe:2.3:a:bosch:video_management_system_viewer:12.0
- cpe:2.3:a:bosch:video_management_system_viewer:7.5
- cpe:2.3:a:bosch:video_management_system_viewer:8.0
- cpe:2.3:a:bosch:video_management_system_viewer:8.0.329
- cpe:2.3:a:bosch:video_management_system_viewer:9.0
- cpe:2.3:a:bosch:video_management_system_viewer:9.0.0.827
- cpe:2.3:a:bosch:video_security_client:3.3.5
- cpe:2.3:h:bosch:divar_ip_7000_r2:-
- cpe:2.3:h:bosch:divar_ip_all-in-one_4000:-
- cpe:2.3:h:bosch:divar_ip_all-in-one_5000:-
- cpe:2.3:h:bosch:divar_ip_all-in-one_6000:-
- cpe:2.3:h:bosch:divar_ip_all-in-one_7000:-
- cpe:2.3:h:bosch:divar_ip_all-in-one_7000_r3:-
- cpe:2.3:o:bosch:divar_ip_7000_r2_firmware:12.0
- cpe:2.3:o:bosch:divar_ip_all-in-one_4000_firmware:12.0
- cpe:2.3:o:bosch:divar_ip_all-in-one_5000_firmware:12.0
- cpe:2.3:o:bosch:divar_ip_all-in-one_6000_firmware:12.0
- cpe:2.3:o:bosch:divar_ip_all-in-one_7000_firmware:12.0
- cpe:2.3:o:bosch:divar_ip_all-in-one_7000_r3_firmware:12.0