CVE-2021-23859— Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-23859
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
Source: NVD (National Vulnerability Database)
Vulnerability Description
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对异常条件检查或处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bosch 多款产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bosch Access Professional Edition等都是德国博世(Bosch)公司的产品。Bosch Access Professional Edition是一套企业访问控制和安防管理解决方案。BOSCH VRM等都是德国博世(BOSCH)公司的产品。BOSCH VRM是一个应用软件。Bosch BVMS是一个应用系统。Bosch Access Easy Controller(Bosch Aec)是一种直观、用户友好的基于 Web 的访问控制系统。Bosch Divar Ip是一种多合一录
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Bosch | BVMS | unspecified ~ 9.0.0 | - | |
| Bosch | DIVAR IP 7000 R2 | all | - | |
| Bosch | DIVAR IP all-in-one 5000 | all | - | |
| Bosch | DIVAR IP all-in-one 7000 | all | - | |
| Bosch | VRM | unspecified ~ 3.81 | - | |
| Bosch | VRM Exporter | 2.1 ~ 2.10.0008 | - | |
| Bosch | APE | unspecified ~ 3.8.x.x | - | |
| Bosch | AEC | unspecified ~ 2.9.1.x | - | |
| Bosch | BIS | unspecified ~ 4.9 | - |
II. Public POCs for CVE-2021-23859
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-23859
请登录查看更多情报信息。
- https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-23859
Same Patch Batch · Bosch · 2021-12-08 · 4 CVEs total
| CVE-2021-23862 | 7.2 HIGH | Authenticated Remote Code Execution |
| CVE-2021-23861 | 6.5 MEDIUM | Possible Access to Debug Functions in Bosch VRM / BVMS |
| CVE-2021-23860 | 5.0 MEDIUM | Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS |
IV. Related Vulnerabilities
Same vendor: Bosch
- CVE-2024-33618
Bosch VMS Central Server 安全漏洞 - CVE-2025-32063
Enabling SSH server on Infotainment ECU - CVE-2025-32062
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32061
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32060
Absence of Kernel Module Signature Verification on Linux Sys
Same weakness: CWE-703
- CVE-2026-34388
Fleet vulnerable to Denial of Service via unhandled gRPC log - CVE-2025-59787
HTTP 5XX Internal Server Errors - CVE-2026-28407
malcontent's nested archive extraction failure can drop cont - CVE-2026-1996
Certain HP OfficeJet Pro Printers – Denial of Service - CVE-2025-68135
EVerest's inadequate exception handling leads to denial of s
V. Comments for CVE-2021-23859
No comments yet