Unrated severity · NVD Advisory · Published Dec 8, 2021 · Updated Sep 16, 2024
Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
CVE-2021-23859
Description
An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory, Appendix chapter "Modified CVSS Scores for CVE-2021-23859".
Affected products
- Range: all
- Bosch/BISv5, Range: unspecified
Patches
No patches discovered yet.
References
- psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html (mitre, x_refsource_CONFIRM)