CVE-2021-23862
Last modified
CVE-2021-23862 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Bosch Video Management System | <= 9.0 |
| Bosch | Bosch Video Management System | >= 10.0, < 10.0.2 |
| Bosch | Bosch Video Management System | 10.1 |
| Bosch | Bosch Video Management System | 11.0 |
| Bosch | Video Recording Manager | <= 3.81 |
| Bosch | Video Recording Manager | >= 3.82, <= 3.82.0057 |
| Bosch | Video Recording Manager | >= 3.83, <= 3.83.0021 |
| Bosch | Video Recording Manager | >= 4.0, <= 4.00.0070 |
| Bosch | Videojet Decoder 7513 Firmware | <= 10.22.0038 |
| Bosch | Videojet Decoder 8000 Firmware | <= 10.01.0036 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
