CVE-2021-23859
📋 TL;DR
An unauthenticated attacker who can reach the VRM HTTP interface can send a crafted HTTP request that crashes the VRM service. On a standalone VRM, or on a BVMS installation that includes VRM, a successful attack can go further and allow unauthenticated commands to be sent through the VRM interface. The affected products are Bosch Video Recording Manager (VRM) and Bosch Video Management System (BVMS) with VRM. Some Bosch products expose the VRM interface on a local interface only, which reduces exposure because the request then has to originate locally.
💻 Affected Systems
- Bosch Video Recording Manager (VRM)
- Bosch Video Management System (BVMS) with VRM
📦 What is this software?
Bosch Video Recording Manager (VRM) is the Bosch software component that manages recording from Bosch IP cameras and encoders to iSCSI storage and serves the recordings back to clients; it is controlled through an HTTP interface, which is where this vulnerability sits. Bosch Video Management System (BVMS) is Bosch's video management platform; a BVMS installation "with VRM" uses VRM as its recording component and therefore carries the same exposure.
⚠️ Risk & Real-World Impact
Worst Case
Unauthenticated command execution against the VRM service after the crash. The advisory describes this as sending commands via the VRM interface, not as operating-system-level code execution, but on a video recording manager that is enough to disrupt or manipulate recording, interfere with stored video, or keep the service down.
Likely Case
Denial of service: the VRM service crashes and recording is interrupted until it restarts, with the possibility of limited unauthenticated command execution on standalone VRM and BVMS-with-VRM deployments.
If Mitigated
Exposure confined to hosts on the trusted network segment (or to the local machine where the VRM interface is local-only), with segmentation and access controls stopping the crafted request from anywhere else.
🎯 Exploit Status
Exploitation needs only a single crafted HTTP request to the VRM interface and no authentication, so causing the crash is low complexity; turning the crash into command execution takes more effort.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Bosch advisory for specific patched versions
Vendor Advisory: https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html
Restart Required: Yes
Instructions:
1. Review the Bosch advisory for affected versions.
2. Apply the recommended patch or update to a fixed version.
3. Restart the service or system as required.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to the VRM HTTP interface to trusted sources only (BVMS servers, operator workstations, administration hosts).
On a Linux firewall in front of the VRM host, allow only those sources and drop everything else for the service port, e.g. iptables -A INPUT -s <trusted_ip> -p tcp --dport <service_port> -j ACCEPT followed by a DROP rule for that port; an ACCEPT rule with no matching DROP changes nothing. The VRM service itself runs on Windows, so apply the equivalent inbound rule in Windows Defender Firewall on the server as well.
Disable Unnecessary Interfaces
If possible, disable HTTP interfaces that are not required for operation; every listener that is switched off is one fewer place the crafted request can land.
Consult Bosch documentation for interface configuration
🧯 If You Can't Patch
- Implement strict network access controls to limit exposure to trusted sources only.
- Monitor logs for HTTP requests to the VRM interface from unexpected sources and for VRM service crashes or unexplained restarts, and have an incident response plan ready.
🔍 How to Verify
Check if Vulnerable:
Compare the installed VRM version with the affected versions listed in the Bosch advisory. A VRM service crash immediately after an unexpected HTTP request from an unauthenticated source is a strong sign the installation is both affected and being probed.
Check Version:
Consult Bosch documentation for version check commands specific to VRM/BVMS.
Verify Fix Applied:
Confirm the installed version matches a fixed version from the advisory, then confirm the service stays up under normal load and, if the network workaround is kept in place, that the VRM port no longer answers from untrusted segments.
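Two checks for the "If Mitigated" state, as an added example (not Bosch tooling): a reachability probe of the VRM port to run from an untrusted network segment (a successful connect there means the network workaround is not in effect), and an outage summary over a series of probe results so that the up-to-down transitions a crash produces stand out. The port number and the sample probe results are assumptions for illustration.

```python
# Added example, not Bosch's own tooling. Assumptions: the VRM HTTP interface
# listens on VRM_PORT, and the probe results in SAMPLE_PROBES are constructed.
import socket
import time
from datetime import datetime, timedelta

VRM_PORT = 443  # assumption: port of the VRM HTTP interface on this site


def port_reachable(host: str, port: int = VRM_PORT, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes, False on refusal or timeout.
    Run from an untrusted segment: True there means the firewall workaround is missing."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def outage_windows(samples):
    """samples: [(datetime, up: bool), ...] in time order.
    Returns one (start, end, duration) per outage; end/duration are None when the
    service is still down at the last sample. Each window is a candidate crash."""
    windows = []
    down_since = None
    for ts, up in samples:
        if not up and down_since is None:
            down_since = ts                       # transition up -> down
        elif up and down_since is not None:
            windows.append((down_since, ts, ts - down_since))  # down -> up
            down_since = None
    if down_since is not None:
        windows.append((down_since, None, None))
    return windows


def poll(host: str, interval_s: float = 5.0, count: int = 12):
    """Probe the VRM port `count` times and return the samples for outage_windows().
    Use it after patching to confirm the service stays up under normal traffic."""
    samples = []
    for _ in range(count):
        samples.append((datetime.now(), port_reachable(host)))
        time.sleep(interval_s)
    return samples


# Constructed probe results: up, a 10-second outage, up again, then down at the end.
T0 = datetime(2021, 6, 1, 10, 0, 0)
SAMPLE_PROBES = [
    (T0, True),
    (T0 + timedelta(seconds=5), True),
    (T0 + timedelta(seconds=10), False),
    (T0 + timedelta(seconds=15), False),
    (T0 + timedelta(seconds=20), True),
    (T0 + timedelta(seconds=25), True),
    (T0 + timedelta(seconds=30), False),
]

if __name__ == "__main__":
    for start, end, dur in outage_windows(SAMPLE_PROBES):
        print(f"down from {start.time()} until {end.time() if end else 'still down'}"
              f" ({dur.total_seconds() if dur else '?'} s)")
```

Run `poll()` from a host that should not have access and feed the result to `outage_windows()`; any sample that reports the port as up from there is itself a finding, independent of crashes.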
📡 Detection & Monitoring
Log Indicators:
- VRM service crash or unexplained restart events
- HTTP requests to the VRM interface from sources that are not on the trusted allowlist, or that arrive in bursts
Network Indicators:
- HTTP requests to the VRM port from outside the trusted segment
- A sudden increase in traffic to the VRM port from a single source, shortly before a crash
SIEM Query:
Example (pseudo-query, adapt to your SIEM's field names): search 'VRM crash' OR 'BVMS crash' OR service stop/restart events for the VRM process, then correlate with HTTP requests to the VRM port from sources outside the trusted allowlist in the preceding minute.
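The log and network indicators above as detection logic, added here as an example that is not Bosch tooling or a real VRM log format: it flags VRM-port requests from outside an allowlist, flags per-source request bursts, and ties each service crash back to the untrusted requests that preceded it. The log layouts, the port, the allowlist and every sample line are constructed assumptions; adapt the regex and the crash wording to the logs you actually collect.

```python
# Added example, not Bosch tooling. Assumed "<ISO time> <src> <dst_port> <method> <path> <status>"
# access-log layout and "<ISO time> <text>" service-event layout; all sample lines are constructed.
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

VRM_PORT = 443                      # assumption: port of the VRM HTTP interface
TRUSTED_NETS = [                    # assumed allowlist: BVMS servers and one admin workstation
    ipaddress.ip_network("10.10.0.0/24"),
    ipaddress.ip_network("192.168.5.10/32"),
]
BURST_WINDOW = timedelta(seconds=10)
BURST_THRESHOLD = 5                 # requests from one source inside the window that count as a burst
CRASH_LOOKBACK = timedelta(seconds=30)

ACCESS_LOG = """\
2021-06-01T10:00:01 10.10.0.15 443 GET / 200
2021-06-01T10:00:05 10.10.0.15 443 GET / 200
2021-06-01T10:00:40 203.0.113.7 443 GET / 200
2021-06-01T10:00:41 203.0.113.7 443 GET / 200
2021-06-01T10:00:41 203.0.113.7 443 GET / 200
2021-06-01T10:00:42 203.0.113.7 443 GET / 200
2021-06-01T10:00:43 203.0.113.7 443 GET / 200
2021-06-01T10:00:44 203.0.113.7 443 GET / 200
2021-06-01T10:00:46 203.0.113.7 443 GET / 500
2021-06-01T10:05:00 192.168.5.10 443 GET / 200
"""
EVENT_LOG = """\
2021-06-01T10:00:47 VRM service stopped unexpectedly
2021-06-01T10:01:30 VRM service started
"""
ACCESS_RE = re.compile(r"^(\S+) (\S+) (\d+) (\S+) (\S+) (\d{3})$")


def is_trusted(src: str) -> bool:
    """True if src lies inside one of the trusted networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in TRUSTED_NETS)


def parse_access(text: str) -> list[dict]:
    """Parse the assumed access-log layout; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line.strip())
        if not m:
            continue
        ts, src, port, method, path, status = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "port": int(port),
                        "method": method, "path": path, "status": int(status)})
    return records


def untrusted_requests(records: list[dict]) -> list[dict]:
    """VRM-port requests from sources outside the allowlist (first network indicator)."""
    return [r for r in records if r["port"] == VRM_PORT and not is_trusted(r["src"])]


def bursts(records: list[dict]) -> dict[str, int]:
    """Per source, the peak number of VRM-port requests inside BURST_WINDOW (sliding window),
    returned only for sources that reach BURST_THRESHOLD (second network indicator)."""
    windows: dict[str, deque] = defaultdict(deque)
    peak: dict[str, int] = defaultdict(int)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["port"] != VRM_PORT:
            continue
        q = windows[r["src"]]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > BURST_WINDOW:   # drop timestamps older than the window
            q.popleft()
        peak[r["src"]] = max(peak[r["src"]], len(q))
    return {src: n for src, n in peak.items() if n >= BURST_THRESHOLD}


def crash_times(text: str) -> list[datetime]:
    """Timestamps of event lines reporting an unexpected stop (constructed wording)."""
    return [datetime.fromisoformat(line.split()[0])
            for line in text.splitlines() if "stopped unexpectedly" in line]


def correlate_crashes(records: list[dict], crashes: list[datetime]):
    """For each crash, the untrusted VRM-port requests within CRASH_LOOKBACK before it.
    A crash preceded by such requests is the pattern this advisory describes."""
    untrusted = untrusted_requests(records)
    return [(c, [r for r in untrusted if c - CRASH_LOOKBACK <= r["ts"] <= c]) for c in crashes]


if __name__ == "__main__":
    recs = parse_access(ACCESS_LOG)
    print("untrusted sources:", sorted({r["src"] for r in untrusted_requests(recs)}))
    print("bursts:", bursts(recs))
    for when, prior in correlate_crashes(recs, crash_times(EVENT_LOG)):
        print(f"crash at {when.isoformat()} preceded by {len(prior)} untrusted request(s)")
```

The crash correlation is the part worth keeping even if the other two checks are noisy on your network: a VRM stop with no untrusted request in the preceding window is far more likely to be an ordinary fault than an attack.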