Vulnerability Details : CVE-2021-23862
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2021-23862
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-23862
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
Robert Bosch GmbH |
CWE ids for CVE-2021-23862
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: psirt@bosch.com (Secondary)
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-23862
-
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
Multiple Vulnerabilities in Bosch BT software products | Bosch PSIRTVendor Advisory
Products affected by CVE-2021-23862
- cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:bosch_video_management_system:10.1:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:bosch_video_management_system:11.0:*:*:*:*:*:*:*
- Bosch » Video Recording ManagerVersions from including (>=) 4.0 and up to, including, (<=) 4.00.0070cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*
- Bosch » Video Recording ManagerVersions from including (>=) 3.82 and up to, including, (<=) 3.82.0057cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*
- Bosch » Video Recording ManagerVersions from including (>=) 3.83 and up to, including, (<=) 3.83.0021cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*
- cpe:2.3:o:bosch:videojet_decoder_7513_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:bosch:videojet_decoder_8000_firmware:*:*:*:*:*:*:*:*