CVE-2020-6767

HIGH

Bosch Video Management System and Viewer < 7.5 - Authenticated Path Traversal

Title source: llm
STIX 2.1

Description

A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed.

Scores

CVSS v3 7.7
EPSS 0.0131
EPSS Percentile 67.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
bosch/video_management_system < 7.5
bosch/video_management_system_viewer < 7.5
Published Feb 06, 2020
Tracked Since Feb 18, 2026