CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6770

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0730%
EPSS Percentile34.73th
PublishedFeb 7, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.

Affected Platforms (CPE)

πŸ“¦
Bosch

Bosch Video Management System Mobile Video Service

<= 7.5
πŸ“¦
Bosch

Bosch Video Management System Mobile Video Service

>= 8.0 and <= 8.0.0.329
πŸ“¦
Bosch

Bosch Video Management System Mobile Video Service

>= 9.0 and <= 9.0.0.827
πŸ“¦
Bosch

Bosch Video Management System Mobile Video Service

>= 10.0 and <= 10.0.0.1225
πŸ’»
Bosch

Divar Ip 3000 Firmware

All versions
πŸ’»
Bosch

Divar Ip 7000 Firmware

All versions

References & Advisories

πŸ”— https://psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html
πŸ”— https://psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html

Related Vulnerabilities

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...

CVE-2020-2682910.0

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections fro...

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...