What is CVE-2020-6768?

CVE-2020-6768 is a high-severity vulnerability in Bosch Video Management System, classified under Path Traversal. CVSS score: 8.6/10. Published 2020-02-07.

How severe is CVE-2020-6768?

High severity. CVSS v3 base score is 8.6 out of 10.

Path Traversal in Bosch Video Management System

CVE-2020-6768

A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Bosch Video Management System — versions unspecified
Bosch Bvms Viewer — versions unspecified
Bosch Divar Ip 3000 — versions All
Bosch Divar Ip 7000 — versions All
Bosch Divar Ip All-in-one 5000 — versions All

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-6768?: CVE-2020-6768 is a high-severity vulnerability in Bosch Video Management System, classified under Path Traversal. CVSS score: 8.6/10. Published 2020-02-07.
How severe is CVE-2020-6768?: High severity. CVSS v3 base score is 8.6 out of 10.