CVE-2023-35867

Description

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.

References

Link	Tags
https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-35867?: CVE-2023-35867 has been scored as a medium severity vulnerability.
How to fix CVE-2023-35867?: To fix CVE-2023-35867, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-35867 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-35867 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-35867?: CVE-2023-35867 affects Bosch BVMS, Bosch BVMS Viewer, Bosch Configuration Manager, Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000, Bosch DIVAR IP all-in-one 7000, Bosch DIVAR IP all-in-one 7000 R3, Bosch DIVAR IP all-in-one 4000, Bosch DIVAR IP all-in-one 6000, Bosch Project Assistant, Bosch Video Security Client, Bosch BIS Video Engine, Bosch Intelligent Insights, Bosch ONVIF Camera Event Driver Tool.

Description

Category

CWE-703 – Improper Check or Handling of Exceptional Conditions

References

Frequently Asked Questions