Path Traversal Vulnerability in Bosch DIVAR IP and Video Management Products
CVE-2019-8952

6.5MEDIUM

Key Information:

Vendor

Bosch
Status
Divar Ip 2000 Firmware
Vendor
CVE Published:
13 May 2019

What is CVE-2019-8952?

A path traversal vulnerability within Bosch's webserver can be exploited by remote authorized users to access unauthorized files over the network. This issue affects several significant Bosch products, specifically the DIVAR IP series and Video Recording Manager, where improper validation permits access to sensitive file paths. Products impacted include the Bosch DIVAR IP 2000 and 5000 as well as the Video Management System. Fixed versions are available, addressing this critical security flaw.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://psirt.bosch.com
x_refsource_CONFIRM
https://www.boschsecurity.com/xc/en/support/product-secur...
x_refsource_CONFIRM
https://psirt.bosch.com/Advisory/BOSCH-2019-0402.html
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.