Deserialization in Bosch BVMS Mobile Video Service
CVE-2020-6770
Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <=…
Vulnerability class: Insecure Deserialization
EPSS: 0.113 (93.7th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Bosch BVMS Mobile Video Service — versions unspecified
- Bosch DIVAR IP 3000 — all versions
- Bosch DIVAR IP 7000 — all versions
Weakness classification (CWE)
References
- psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-6770?
  - CVE-2020-6770 is a critical-severity vulnerability in Bosch BVMS Mobile Video Service, classified under Deserialization of Untrusted Data. CVSS score: 10.0/10. Published 2020-02-07.
- How severe is CVE-2020-6770?
  - Critical severity. CVSS v3 base score is 10.0 out of 10.