U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2021-23860

Change History

Initial Analysis by NIST 12/14/2021 11:36:10 AM

Action Type Old Value New Value
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Added CWE

								
							
							
						
NIST CWE-79
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:* versions up to (including) 9.0
          *cpe:2.3:a:bosch:bosch_video_management_system:*:*:*:*:*:*:*:* versions from (including) 10.0 up to (excluding) 10.0.2
          *cpe:2.3:a:bosch:bosch_video_management_system:10.1:*:*:*:*:*:*:*
          *cpe:2.3:a:bosch:bosch_video_management_system:11.0:*:*:*:*:*:*:*
          *cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:* versions up to (including) 3.81
          *cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:* versions from (including) 3.82 up to (including) 3.82.0057
          *cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:* versions from (including) 3.83 up to (including) 3.83.0021
          *cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:* versions from (including) 4.0 up to (including) 4.00.0070
     OR
          cpe:2.3:o:bosch:divar_ip_5000_firmware:-:*:*:*:*:*:*:*
          cpe:2.3:o:bosch:divar_ip_7000_firmware:-:*:*:*:*:*:*:*
Changed Reference Type
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html No Types Assigned
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html Vendor Advisory
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism