CVE-2020-6770

10.0 CRITICAL

📋 TL;DR

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code on Bosch Video Management System (BVMS) installations by exploiting insecure deserialization in the Mobile Video Service. It affects all Bosch BVMS versions 7.5 through 10.0.0.1225, as well as DIVAR IP 3000 and 7000 devices running vulnerable BVMS software.

💻 Affected Systems

Products:
  • Bosch BVMS
  • Bosch DIVAR IP 3000
  • Bosch DIVAR IP 7000
Versions: BVMS 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329, 7.5 and older
Operating Systems: Windows (typical BVMS deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: DIVAR IP devices are affected only if they have vulnerable BVMS software installed. The Mobile Video Service (MVS) component is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining full control over the video management system, potentially accessing live camera feeds and stored footage, and using the system as a pivot point into other network segments.

🟠 Likely Case

Remote code execution leading to installation of malware, ransomware, or backdoors on the video management system, compromising surveillance integrity and potentially exposing sensitive video data.

🟢 If Mitigated

Limited impact if systems are isolated behind firewalls with strict network segmentation and access controls, though the vulnerability itself remains present until patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and involves deserialization exploitation, which typically has low complexity once the attack vector is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BVMS 10.0.0.1226, 9.0.0.828, 8.0.0.330, and updates for older versions

Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-885551-BT.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from the Bosch support portal.
2. Back up the current configuration.
3. Apply the patch following Bosch's installation guide.
4. Restart the BVMS server and services.
5. Verify the update in the BVMS configuration.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate BVMS systems from untrusted networks and restrict access to the Mobile Video Service port.

Firewall Rules (applies to: all)

Block external access to the BVMS Mobile Video Service port (default TCP 443).

🧯 If You Can't Patch

  • Segment BVMS systems on isolated VLANs with strict firewall rules
  • Implement network-based intrusion detection/prevention systems to monitor for deserialization attacks

🔍 How to Verify

Check if Vulnerable:

Check the BVMS version in the Administration Client under Help > About, or check the installed version in Windows Programs and Features.

Check Version:

In BVMS Administration Client: Help > About displays version

Verify Fix Applied:

Verify that the installed version is at or above the fixed release for its branch: 10.0.0.1226+, 9.0.0.828+, 8.0.0.330+; otherwise confirm with Bosch support.
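As an added check (example code written for this page, not part of the advisory or any Bosch tooling): given a version string read manually from Help > About or Programs and Features, classify it against the fixed releases listed above. Branches not named in the advisory are reported as unknown rather than guessed.

```python
# Added example: classify an installed BVMS version string for CVE-2020-6770
# using only the fixed releases stated in the advisory above. The version
# string is obtained by hand (Help > About, or Programs and Features) and
# passed in; nothing here queries the BVMS installation itself.

# First fixed build per major branch, as listed in the advisory.
FIXED_RELEASES = {
    (10, 0): (10, 0, 0, 1226),
    (9, 0): (9, 0, 0, 828),
    (8, 0): (8, 0, 0, 330),
}

# Everything below 8.0 ("7.5 and older") is listed as vulnerable.
OLDEST_NAMED_BRANCH = (8, 0, 0, 0)


def parse_version(text):
    """Turn a dotted version such as '10.0.0.1225' into a 4-tuple of ints.

    Shorter strings like '7.5' are padded with zeros so that tuple comparison
    works; anything that is not 1 to 4 numeric fields raises ValueError.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError("expected 1-4 dotted numeric fields: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def bvms_status(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for the given BVMS version."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED_RELEASES:
        # Same branch: compare the full build number against the first fixed build.
        return "fixed" if version >= FIXED_RELEASES[branch] else "vulnerable"
    if version < OLDEST_NAMED_BRANCH:
        # 7.5 and older: vulnerable; the advisory only says updates exist for them.
        return "vulnerable"
    # A branch the advisory does not name (for example a later major release):
    # do not assume either way, check the vendor advisory.
    return "unknown"


if __name__ == "__main__":
    for sample in ("10.0.0.1225", "10.0.0.1226", "9.0.0.827", "7.5", "11.0.0.1"):
        print("%-12s %s" % (sample, bvms_status(sample)))
```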

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from BVMS services
  • Failed authentication attempts to BVMS Mobile Video Service
  • Unexpected network connections from BVMS server

Network Indicators:

  • Unusual traffic patterns to BVMS Mobile Video Service port (typically 443)
  • Malformed serialization payloads in network traffic

SIEM Query:

source="bvms" AND (event_type="process_creation" OR event_type="network_connection") AND dest_port=443
