CVE-2019-6958 : Security Advisory and Response

Learn about CVE-2019-6958 affecting Bosch Video Management System (BVMS) and access control systems. Discover the impact, affected versions, and mitigation steps.

A security vulnerability affecting Bosch Video Management System (BVMS) versions 9.0 and earlier, DIVAR IP series, Configuration Manager, Building Integration System (BIS), Access Professional Edition (APE), and more, allows unauthorized access via the RCP+ network port without authentication.

Understanding CVE-2019-6958

This CVE involves an improper access control issue in various Bosch video and access control systems.

What is CVE-2019-6958?

The vulnerability in Bosch systems allows unauthorized access without authentication, potentially leading to data compromise or deletion.

The Impact of CVE-2019-6958

The vulnerability has a CVSS base score of 9.8 (Critical) with high impacts on confidentiality, integrity, and availability, posing a significant security risk.

Technical Details of CVE-2019-6958

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability, classified as CWE-284: Improper Access Control, allows attackers to access video data without authentication.

Affected Systems and Versions

        Bosch Video Management System (BVMS) versions 9.0 and earlier
        DIVAR IP 2000, 3000, 5000, and 7000
        Configuration Manager, Building Integration System (BIS), Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC), and Video SDK (VSDK)

Exploitation Mechanism

Unauthorized access is possible through the RCP+ network port without the need for authentication.

Mitigation and Prevention

Protecting systems from CVE-2019-6958 is crucial to prevent unauthorized access and data breaches.

Immediate Steps to Take

        Update the software to a fixed version promptly
        Utilize firewalling and IP filtering as interim mitigation measures

Long-Term Security Practices

        Regularly monitor and update security configurations
        Conduct security assessments and audits periodically

Patching and Updates

Stay informed about security advisories and apply patches promptly to address known vulnerabilities.
