CVE-2020-6768 : Security Advisory and Response

CVE-2020-6768 is a path traversal vulnerability in Bosch Video Management System (BVMS) allowing unauthorized remote access to sensitive files. Learn about impacted systems and mitigation steps.

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. It affects BVMS, BVMS Viewer, and DIVAR IP systems on which a vulnerable BVMS version is installed.

Understanding CVE-2020-6768

What is CVE-2020-6768?

CVE-2020-6768 is a path traversal vulnerability in the Bosch Video Management System (BVMS) that enables unauthorized remote attackers to access arbitrary files on the Central Server.

The Impact of CVE-2020-6768

The vulnerability has a CVSS base score of 8.6, indicating a high severity level. It poses a significant risk to confidentiality.

Technical Details of CVE-2020-6768

Vulnerability Description

The vulnerability allows unauthenticated remote attackers to read arbitrary files from the Central Server in BVMS.

Affected Systems and Versions

        Bosch Video Management System versions 7.5 and older, 8.0.0.329, 9.0.0.827, and 10.0.0.1225
        BVMS Viewer versions 7.5 and older, 8.0.0.329, 9.0.0.827, and 10.0.0.1225
        DIVAR IP 3000, DIVAR IP 7000, and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed

Exploitation Mechanism

The vulnerability is exploitable remotely over the network, requires no privileges, and has low attack complexity.

Mitigation and Prevention

Immediate Steps to Take

        Apply patches provided by Bosch to address the vulnerability.
        Ensure that BVMS and BVMS Viewer are updated to versions that contain the fix.

Long-Term Security Practices

        Regularly monitor for security advisories and updates from Bosch.
        Implement network segmentation and access controls to limit exposure.

Patching and Updates

        Install the necessary patches for BVMS and BVMS Viewer to mitigate the vulnerability.
