CVE-2023-28175

moderate-risk
Published 2023-06-15

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10 High
NETWORK / HIGH complexity

Affected Products (9)

Video Management System
Video Management System Viewer
Divar Ip 6000 Firmware
Divar Ip 4000 Firmware
Divar Ip 5000 Firmware
Divar Ip 7000 R2 Firmware
Divar Ip 7000 R3 Firmware

Affected Vendors

Bosch

References (2)

Vendor Advisory https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html
Vendor Advisory https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html
37
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate