CVE-2018-19036

Опубликовано: 17 дек. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

Ссылки

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf
Mitigation
Patch
Vendor Advisory
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:bosch:common_product_platform_4_firmware:*:*:*:*:*:*:*:*

Версия от 6.32 (включая)

Одно из

cpe:2.3:h:bosch:autodome_ip_4000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_5000_ir:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_7000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_hd_1080p:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_hd_1080p_hdr:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_hd_720p:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_imager_9000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_4000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_5000_mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_bullet_4000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_bullet_5000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_starlight_7000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:extegra_ip_dynamic_9000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:extegra_ip_starlight_9000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_corner_9000_mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_hd_1080p:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_hd_1080p_hdr:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_hd_720p:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_indoor_4000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_indoor_4000_ir:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_indoor_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_indoor_5000_mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_micro_2000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_micro_2000_ip:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_micro_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_micro_5000_mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_ir:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panormic_5000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:ip_2000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:ip_2000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:ip_bullet_4000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:ip_bullet_5000_hd:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:mic_ip_dynamic_7000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:mic_ip_starlight_7000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:tinyon_ip_2000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p_hdr:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:vandal-proof_flexidome_hd_720p:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:bosch:common_product_platform_6_firmware:*:*:*:*:*:*:*:*

Версия от 6.32 (включая)

Одно из

cpe:2.3:h:bosch:aviotec_ip_starlight_8000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_starlight_8000_12mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_ultra_8000_12mp:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180_iva:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360_iva:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180_iva:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360_iva:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:bosch:common_product_platform_7_firmware:*:*:*:*:*:*:*:*

Версия от 6.32 (включая)

Одно из

cpe:2.3:h:bosch:dinion_ip_starlight_6000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_starlight_7000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_thermal_8000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_starlight_6000:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_starlight_7000:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:bosch:common_product_platform_7.3_firmware:*:*:*:*:*:*:*:*

Версия от 6.32 (включая)

Одно из

cpe:2.3:h:bosch:autodome_ip_4000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_5000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_starlight_5000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:autodome_ip_starlight_7000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_bullet_4000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_bullet_5000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:dinion_ip_bullet_6000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_4000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:flexidome_ip_5000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:mic_ip_fusion_9000i:-:*:*:*:*:*:*:*

cpe:2.3:h:bosch:mic_ip_starlight_7000i:-:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00895

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-mf48-4p29-w2j4

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 75%

0.00895

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-119