CVE-2021-23861
MEDIUMBosch Video Management System and Video Recording Manager - Authenticated Active Debug Code Access via Special Command
Title source: llmDescription
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
Scores
CVSS v3
6.5
EPSS
0.0080
EPSS Percentile
51.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-489
Status
published
Products (4)
bosch/bosch_video_management_system
10.1
bosch/bosch_video_management_system
11.0
bosch/bosch_video_management_system
< 9.0
bosch/video_recording_manager
< 3.81
Published
Dec 08, 2021
Tracked Since
Feb 18, 2026