CVE-2020-6769

CRITICAL | CVSS 9.1/10 | EPSS 2.22%

CVE-2020-6769 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. EPSS estimates a 2.22% chance of exploitation in the next 30 days.

Description

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Probability
2.22%

80.4th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Bosch | Video Streaming Gateway | <= 6.42.10
Bosch | Video Streaming Gateway | >= 6.43, <= 6.43.0023
Bosch | Video Streaming Gateway | >= 6.44, <= 6.44.022
Bosch | Video Streaming Gateway | >= 6.45, <= 6.45.08
Bosch | DIVAR IP 2000 Firmware | <= 3.62.0019
Bosch | DIVAR IP 5000 Firmware | <= 3.80.0039

References

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2020-6769?
CVE-2020-6769 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 2.22% probability of exploitation in the next 30 days.
How do I fix CVE-2020-6769?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST