Denial of Service Vulnerability in Bosch BT Software Products
CVE-2023-35867

5.9MEDIUM

Key Information:

Vendor: Bosch
Status: BVMS; BVMS Viewer; Configuration Manager; DIVAR IP 7000 R2
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-35867?

A vulnerability exists in Bosch BT software products due to the improper handling of malformed API response packets. This issue allows an unauthenticated attacker to potentially exploit the vulnerability by substituting a legitimate API server with their own, often using Man-in-the-Middle attack techniques. If successfully manipulated, the attacker can trigger a Denial of Service (DoS) condition for API clients, disrupting the normal operational integrity of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIS Video Engine 0 <= 5.0.1

BVMS 0 <= 12.0.0

BVMS Viewer 0 <= 12.0.0

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-0926...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Jun 19, 2023

JSON

Bosch

What is CVE-2023-35867?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.