CVE-2019-11684

9.9 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to access a limited subset of certificates stored in the Windows operating system through improper access control in Bosch Video Recording Manager's RCP+ server. It affects Bosch VRM v3.70.x, v3.71 < v3.71.0034, v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; and all BVMS versions using VRM.

💻 Affected Systems

Products:
  • Bosch Video Recording Manager (VRM)
  • DIVAR IP 5000
  • BVMS (Bosch Video Management System)
Versions: VRM v3.70.x, v3.71 < v3.71.0034, v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM
Operating Systems: Microsoft Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Prior releases of VRM software version 3.70 are considered unaffected. The vulnerability is in the RCP+ server component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal certificates to impersonate legitimate systems, establish persistence, or perform man-in-the-middle attacks against the video surveillance infrastructure.

🟠 Likely Case

Unauthenticated access to certificate data that could be used for reconnaissance or as part of a broader attack chain against the surveillance system.

🟢 If Mitigated

Limited certificate exposure with minimal impact if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability allows unauthenticated access, making internet-exposed systems particularly vulnerable to exploitation.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or compromised internal hosts, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows unauthenticated access, suggesting relatively straightforward exploitation once the attack vector is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: VRM v3.71.0034, v3.81.0050; DIVAR IP 5000 3.80.0039

Vendor Advisory: https://psirt.bosch.com/security-advisories/bosch-sa-804652.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Bosch support portal.
2. Back up the current configuration.
3. Apply the patch following Bosch's installation instructions.
4. Restart the system.
5. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate VRM/RCP+ servers from untrusted networks and restrict access to authorized IPs only.

Firewall Rules (applies to: all)

Block external access to RCP+ server ports (typically 443/TCP for HTTPS) from untrusted networks.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems from untrusted networks
  • Deploy network monitoring and intrusion detection for RCP+ server traffic anomalies

🔍 How to Verify

Check if Vulnerable:

Check VRM version in the web interface or via Windows registry at HKEY_LOCAL_MACHINE\SOFTWARE\Bosch\VRM\Version

Check Version:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Bosch\VRM" /v Version

Verify Fix Applied:

Verify version is at least VRM v3.71.0034, v3.81.0050, or DIVAR IP 5000 3.80.0039
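
As an added example that is not part of this advisory or of Bosch's own tooling, the following PowerShell reads the registry value named above and applies the affected-version ranges listed on this page. It assumes that value is a dotted version string such as 3.71.0020 (a constructed sample, not a real build).

```powershell
# Added example: classify an installed VRM version against the ranges in this advisory.
# Assumption: HKLM\SOFTWARE\Bosch\VRM\Version holds a dotted string like "3.71.0020".
function Test-VrmVulnerable {
    param([Parameter(Mandatory)][string]$Version)

    # [version] needs 2 to 4 numeric parts; pad short strings so "3.70" and "3.71.0020" both parse.
    $parts = $Version.Trim().Split('.')
    while ($parts.Count -lt 4) { $parts += '0' }
    $v = [version]($parts[0..3] -join '.')
    $branch = "$($v.Major).$($v.Minor)"

    # First fixed build per branch, as stated in the advisory text above.
    $fixed = @{ '3.71' = [version]'3.71.0034.0'; '3.81' = [version]'3.81.0050.0' }

    if ($v -lt [version]'3.70.0.0')  { return $false }   # releases before 3.70 are unaffected
    if ($branch -eq '3.70')           { return $true }    # every 3.70.x build is affected
    if ($fixed.ContainsKey($branch))  { return $v -lt $fixed[$branch] }

    # Branches the advisory does not list: no verdict, flag for manual review.
    Write-Warning "Version $Version is not covered by the advisory; check vendor guidance."
    return $null
}

# Read the installed version from the key the check above uses.
$reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Bosch\VRM' -Name Version -ErrorAction SilentlyContinue
if ($null -eq $reg) {
    Write-Output 'VRM registry key not found; VRM may not be installed on this host.'
} else {
    $result = Test-VrmVulnerable -Version $reg.Version
    if ($result -eq $true)      { Write-Output "VRM $($reg.Version): affected by CVE-2019-11684, apply the fixed build." }
    elseif ($result -eq $false) { Write-Output "VRM $($reg.Version): not in an affected range." }
    else                        { Write-Output "VRM $($reg.Version): not covered by the advisory." }
}
```

Run it on the VRM host itself (or via remoting) with an account that can read HKLM; a constructed input such as `Test-VrmVulnerable '3.71.0020'` returns True while `'3.71.0034'` returns False.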

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to RCP+ server endpoints
  • Certificate access or export events from VRM logs

Network Indicators:

  • Unusual traffic patterns to RCP+ server ports from unauthorized sources
  • Certificate-related requests to VRM systems

SIEM Query:

source="VRM" AND (event="unauthorized_access" OR event="certificate_access")
