CVE-2023-28175
HIGHBosch Video Management System 11.0-11.1.1 - Authenticated Internal Network Access via SSH Port Forwarding
Title source: llmDescription
Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-025794-bt.html
Scores
CVSS v3
7.1
EPSS
0.0046
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
CWE-863
Status
published
Products (9)
bosch/divar_ip_3000_firmware
7.5 - 8.0
bosch/divar_ip_4000_firmware
11.1.1
bosch/divar_ip_5000_firmware
9.0 - 11.1.1
bosch/divar_ip_6000_firmware
11.1.1
bosch/divar_ip_7000_firmware
7.5 - 8.0
bosch/divar_ip_7000_r2_firmware
7.5 - 11.1.1
bosch/divar_ip_7000_r3_firmware
10.1.1 - 11.1.1
bosch/video_management_system
7.5 - 11.1.1
bosch/video_management_system_viewer
7.5 - 11.1.1
Published
Jun 15, 2023
Tracked Since
Feb 18, 2026