CVE-2023-35867
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-35867
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对异常条件检查或处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
部分Bosch产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bosch BVMS是德国博世(Bosch)公司的一个应用系统。用于视频管理。 部分Bosch产品存在安全漏洞,该漏洞源于API 客户端的格式错误,导致 API 应答数据包处理不当。攻击者利用该漏洞可能会导致拒绝服务 (DoS) 情况。以下产品和版本受到影响:Bosch BIS Video Engine 5.0.1及之前版本、Bosch BVMS 12.0.0及之前版本、Bosch BVMS Viewer 12.0.0及之前版本、Bosch Configuration Manager 7.62及之前版本、
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Bosch | BVMS | 0 ~ 12.0.0 | - | |
| Bosch | BVMS Viewer | 0 ~ 12.0.0 | - | |
| Bosch | Configuration Manager | 0 ~ 7.62 | - | |
| Bosch | DIVAR IP 7000 R2 | 0 ~ 12.0.0 | - | |
| Bosch | DIVAR IP all-in-one 5000 | 0 ~ 12.0.0 | - | |
| Bosch | DIVAR IP all-in-one 7000 | 0 ~ 12.0.0 | - | |
| Bosch | DIVAR IP all-in-one 7000 R3 | 0 ~ 12.0.0 | - | |
| Bosch | DIVAR IP all-in-one 4000 | 0 ~ 12.0.0 | - | |
| Bosch | DIVAR IP all-in-one 6000 | 0 ~ 12.0.0 | - | |
| Bosch | Project Assistant | 0 ~ 2.3 | - | |
| Bosch | Video Security Client | 0 ~ 3.3.5 | - | |
| Bosch | BIS Video Engine | 0 ~ 5.0.1 | - | |
| Bosch | Intelligent Insights | 0 ~ 1.0.3.14 | - | |
| Bosch | ONVIF Camera Event Driver Tool | 0 ~ 2.0.0.8 | - |
II. Public POCs for CVE-2023-35867
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-35867
请登录查看更多情报信息。
Same Patch Batch · Bosch · 2023-12-18 · 4 CVEs total
| CVE-2023-32230 | 7.5 HIGH | 部分Bosch产品 安全漏洞 |
| CVE-2023-39509 | 7.2 HIGH | Bosch IP cameras 安全漏洞 |
| CVE-2022-41677 | 5.3 MEDIUM | Bosch IP cameras 信息泄露漏洞 |
IV. Related Vulnerabilities
Same vendor: Bosch
- CVE-2024-33618
Bosch VMS Central Server 安全漏洞 - CVE-2025-32063
Enabling SSH server on Infotainment ECU - CVE-2025-32062
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32061
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32060
Absence of Kernel Module Signature Verification on Linux Sys
Same weakness: CWE-703
- CVE-2026-34388
Fleet vulnerable to Denial of Service via unhandled gRPC log - CVE-2025-59787
HTTP 5XX Internal Server Errors - CVE-2026-28407
malcontent's nested archive extraction failure can drop cont - CVE-2026-1996
Certain HP OfficeJet Pro Printers – Denial of Service - CVE-2025-68135
EVerest's inadequate exception handling leads to denial of s
V. Comments for CVE-2023-35867
No comments yet