CVE-2018-19036 - Vulnerability Details

Description

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

Published: 2018-12-17

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:bosch:common_product_platform_4_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:autodome_ip_4000_hd:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_5000_hd:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_5000_ir:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_7000:-:::::::*
	cpe:2.3:h:bosch:dinion_hd_1080p:-:::::::*
	cpe:2.3:h:bosch:dinion_hd_1080p_hdr:-:::::::*
	cpe:2.3:h:bosch:dinion_hd_720p:-:::::::*
	cpe:2.3:h:bosch:dinion_imager_9000_hd:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_4000_hd:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_5000_hd:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_5000_mp:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_bullet_4000:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_bullet_5000:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_starlight_7000_hd:-:::::::*
	cpe:2.3:h:bosch:extegra_ip_dynamic_9000:-:::::::*
	cpe:2.3:h:bosch:extegra_ip_starlight_9000:-:::::::*
	cpe:2.3:h:bosch:flexidome_corner_9000_mp:-:::::::*
	cpe:2.3:h:bosch:flexidome_hd_1080p:-:::::::*
	cpe:2.3:h:bosch:flexidome_hd_1080p_hdr:-:::::::*
	cpe:2.3:h:bosch:flexidome_hd_720p:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_indoor_4000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_indoor_4000_ir:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_indoor_5000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_indoor_5000_mp:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_micro_2000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_micro_2000_ip:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_micro_5000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_micro_5000_mp:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_outdoor_4000_ir:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_hd:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_outdoor_5000_mp:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panormic_5000:-:::::::*
	cpe:2.3:h:bosch:ip_2000:-:::::::*
	cpe:2.3:h:bosch:ip_2000_hd:-:::::::*
	cpe:2.3:h:bosch:ip_bullet_4000_hd:-:::::::*
	cpe:2.3:h:bosch:ip_bullet_5000_hd:-:::::::*
	cpe:2.3:h:bosch:mic_ip_dynamic_7000:-:::::::*
	cpe:2.3:h:bosch:mic_ip_starlight_7000:-:::::::*
	cpe:2.3:h:bosch:tinyon_ip_2000:-:::::::*
	cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p:-:::::::*
	cpe:2.3:h:bosch:vandal-proof_flexidome_hd_1080p_hdr:-:::::::*
	cpe:2.3:h:bosch:vandal-proof_flexidome_hd_720p:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:bosch:common_product_platform_6_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:aviotec_ip_starlight_8000:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_starlight_8000_12mp:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_ultra_8000_12mp:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_180_iva:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_6000_12mp_360_iva:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_180_iva:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_panoramic_7000_12mp_360_iva:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:bosch:common_product_platform_7_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:dinion_ip_starlight_6000:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_starlight_7000:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_thermal_8000:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_starlight_6000:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_starlight_7000:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:o:bosch:common_product_platform_7.3_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:autodome_ip_4000i:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_5000i:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_starlight_5000i:-:::::::*
	cpe:2.3:h:bosch:autodome_ip_starlight_7000i:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_bullet_4000i:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_bullet_5000i:-:::::::*
	cpe:2.3:h:bosch:dinion_ip_bullet_6000i:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_4000i:-:::::::*
	cpe:2.3:h:bosch:flexidome_ip_5000i:-:::::::*
	cpe:2.3:h:bosch:mic_ip_fusion_9000i:-:::::::*
	cpe:2.3:h:bosch:mic_ip_starlight_7000i:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-10754	An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00895.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf

History

No history.

Subscriptions

Bosch Autodome Ip 4000 Hd Autodome Ip 4000i Autodome Ip 5000 Hd Autodome Ip 5000 Ir Autodome Ip 5000i Autodome Ip 7000 Autodome Ip Starlight 5000i Autodome Ip Starlight 7000i Aviotec Ip Starlight 8000 Common Product Platform 4 Firmware Common Product Platform 6 Firmware Common Product Platform 7.3 Firmware Common Product Platform 7 Firmware Dinion Hd 1080p Dinion Hd 1080p Hdr Dinion Hd 720p Dinion Imager 9000 Hd Dinion Ip 4000 Hd Dinion Ip 5000 Hd Dinion Ip 5000 Mp Dinion Ip Bullet 4000 Dinion Ip Bullet 4000i Dinion Ip Bullet 5000 Dinion Ip Bullet 5000i Dinion Ip Bullet 6000i Dinion Ip Starlight 6000 Dinion Ip Starlight 7000 Dinion Ip Starlight 7000 Hd Dinion Ip Starlight 8000 12mp Dinion Ip Thermal 8000 Dinion Ip Ultra 8000 12mp Extegra Ip Dynamic 9000 Extegra Ip Starlight 9000 Flexidome Corner 9000 Mp Flexidome Hd 1080p Flexidome Hd 1080p Hdr Flexidome Hd 720p Flexidome Ip 4000i Flexidome Ip 5000i Flexidome Ip Indoor 4000 Hd Flexidome Ip Indoor 4000 Ir Flexidome Ip Indoor 5000 Hd Flexidome Ip Indoor 5000 Mp Flexidome Ip Micro 2000 Hd Flexidome Ip Micro 2000 Ip Flexidome Ip Micro 5000 Hd Flexidome Ip Micro 5000 Mp Flexidome Ip Outdoor 4000 Hd Flexidome Ip Outdoor 4000 Ir Flexidome Ip Outdoor 5000 Hd Flexidome Ip Outdoor 5000 Mp Flexidome Ip Panoramic 6000 12mp 180 Flexidome Ip Panoramic 6000 12mp 180 Iva Flexidome Ip Panoramic 6000 12mp 360 Flexidome Ip Panoramic 6000 12mp 360 Iva Flexidome Ip Panoramic 7000 12mp 180 Flexidome Ip Panoramic 7000 12mp 180 Iva Flexidome Ip Panoramic 7000 12mp 360 Flexidome Ip Panoramic 7000 12mp 360 Iva Flexidome Ip Panormic 5000 Flexidome Ip Starlight 6000 Flexidome Ip Starlight 7000 Ip 2000 Ip 2000 Hd Ip Bullet 4000 Hd Ip Bullet 5000 Hd Mic Ip Dynamic 7000 Mic Ip Fusion 9000i Mic Ip Starlight 7000 Mic Ip Starlight 7000i Tinyon Ip 2000 Vandal-proof Flexidome Hd 1080p Vandal-proof Flexidome Hd 1080p Hdr Vandal-proof Flexidome Hd 720p

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-17T18:00:00.000Z

Updated: 2024-08-05T11:23:09.040Z

Reserved: 2018-11-06T00:00:00.000Z

Link: CVE-2018-19036

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-17T19:29:00.673

Modified: 2024-11-21T03:57:11.760

Link: CVE-2018-19036

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object