What is CVE-2021-23861?

CVE-2021-23861 is a medium-severity vulnerability in Bosch Bvms, classified under Active Debug Code. CVSS score: 6.5/10. Published 2021-12-08.

How severe is CVE-2021-23861?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Bosch Bvms

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations o…

EPSS: 0.003 (54.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H.

Affected products

Bosch Bvms — versions unspecified, 11.0, 10.0
Bosch Divar Ip 7000 R2 — versions all
Bosch Divar Ip All-in-one 5000 — versions all
Bosch Divar Ip All-in-one 7000 — versions all
Bosch Vrm — versions unspecified, 4.0, 3.83

Weakness classification (CWE)

CWE-489 — Active Debug Code

References

psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-23861?: CVE-2021-23861 is a medium-severity vulnerability in Bosch Bvms, classified under Active Debug Code. CVSS score: 6.5/10. Published 2021-12-08.
How severe is CVE-2021-23861?: Medium severity. CVSS v3 base score is 6.5 out of 10.